Re: [PLUG] iptables: dropping bogus application-level content

[Michael Lazin <microlaser@gmail.com>]

Whitelisting is a good idea.  Consider using a .htaccess allow or deny to limit traffic.

On Wed, Jul 17, 2013 at 10:31 AM, Douglas Muth <doug.muth@gmail.com> wrote:

On Wed, Jul 17, 2013 at 10:16 AM, Ron Mansolino <rmsolino@gmail.com> wrote:

I'm trying to figure out a way to avoid having Apache process/log bogus requests.

(my "dev" server collects a lot of bullshit from around the globe that I have no need to service,
and I'm not worried about a performance hit). For example this doesn't work:

-A INPUT -p tcp -m tcp --dport 80 -m string --string "ZmEu" --algo bm --to 999 -j DROP

What is a more proper way to drop bogus agents, requests, etc?
I don't want to do this with mod_rewrite.

I don't know off the top of my head, but it being a dev server implies that very few people are accessing it.  Why not white list IPs on port 80?  That would be a pretty effective way to cut back on your traffic.

-- Doug

-- 

http://www.dmuth.org/
http://twitter.com/dmuth

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

--
Michael Lazin

to gar auto estin noein te kai ennai

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug