Julien Vehent on 17 Jul 2013 16:54:29 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] iptables: dropping bogus application-level content

On 2013-07-17 10:16, Ron Mansolino wrote:
I'm trying to figure out a way to avoid having Apache process/log bogus
requests. (my "dev" server collects a lot of bullshit from around the
globe that I have no need to service,
and I'm not worried about a performance hit). For example this doesn't

-A INPUT -p tcp -m tcp --dport 80 -m string --string "ZmEu" --algo bm
--to 999 -j DROP

What is a more proper way to drop bogus agents, requests, etc?
I don't want to do this with mod_rewrite.

Quoting myself (plug talk from last december)

* See slide 11 on http://jve.linuxwall.info/ressources/taf/PLUG%20Firewall%20Talk%20Julien%20Vehent%20sept2012.pdf
    * And Minute 22:20 at http://vimeo.com/46745083

You can optimize to only match certain TCP flags, mark the connections instead of dropping them, etc...


Julien Vehent
(307) 363-2101
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug