Re: [PLUG] iptables: dropping bogus application-level content

Douglas Muth on 17 Jul 2013 07:38:19 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] iptables: dropping bogus application-level content

From: Douglas Muth <doug.muth@gmail.com>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Subject: Re: [PLUG] iptables: dropping bogus application-level content
Date: Wed, 17 Jul 2013 10:31:16 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=sPwj9sL0pZ+gTcvE43uA8JEbvpXH4EelZIUAOsV617A=; b=KXIm8qH8I9Mx7gvN4hmkyoAGmQq40SvC+GlOCavfTFb3yfIjf2qf8fsfCfFecfiX6O G3jyrBIfjZGQKN/oSnvKM+EYtORRmaHbaUT0SkYHN0D6sdSoO2qtapPIi//Cjjgtw/GF CyOishk9Q1hlv6wYCh0KN5qcA4bQiq+d83rNFIjpB3SsTJeHgU7aUDJf2e98zB0CbUbf dG4blMxly38Jne0GjNwsZ7/TbakZIc9YZ81tMHtAifiZ/iKuDMyk0IsAXigItPEmhk/R eCf8Dg+WcUsFFOr/c9C6NiM3un+EcM0mKQo2JvXvChETf01SsSdscIgERR2xLax9D4ai GFJA==
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: plug-bounces@lists.phillylinux.org

On Wed, Jul 17, 2013 at 10:16 AM, Ron Mansolino <rmsolino@gmail.com> wrote:

I'm trying to figure out a way to avoid having Apache process/log bogus requests.

(my "dev" server collects a lot of bullshit from around the globe that I have no need to service,
and I'm not worried about a performance hit). For example this doesn't work:

-A INPUT -p tcp -m tcp --dport 80 -m string --string "ZmEu" --algo bm --to 999 -j DROP

What is a more proper way to drop bogus agents, requests, etc?
I don't want to do this with mod_rewrite.

I don't know off the top of my head, but it being a dev server implies that very few people are accessing it. Why not white list IPs on port 80? That would be a pretty effective way to cut back on your traffic.

-- Doug

http://www.dmuth.org/
http://twitter.com/dmuth

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] iptables: dropping bogus application-level content
  - From: Michael Lazin <microlaser@gmail.com>
- Re: [PLUG] iptables: dropping bogus application-level content
  - From: Mike James <mpjames53@gmail.com>

References:
- [PLUG] iptables: dropping bogus application-level content
  - From: Ron Mansolino <rmsolino@gmail.com>

Prev by Date: [PLUG] iptables: dropping bogus application-level content
Next by Date: Re: [PLUG] iptables: dropping bogus application-level content
Previous by thread: [PLUG] iptables: dropping bogus application-level content
Next by thread: Re: [PLUG] iptables: dropping bogus application-level content
Index(es):
- Date
- Thread