| Julien Vehent on 17 Jul 2013 16:54:29 -0700 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: [PLUG] iptables: dropping bogus application-level content |
On 2013-07-17 10:16, Ron Mansolino wrote:
I'm trying to figure out a way to avoid having Apache process/log bogus requests. (my "dev" server collects a lot of bullshit from around the globe that I have no need to service, and I'm not worried about a performance hit). For example this doesn't work: -A INPUT -p tcp -m tcp --dport 80 -m string --string "ZmEu" --algo bm --to 999 -j DROP What is a more proper way to drop bogus agents, requests, etc? I don't want to do this with mod_rewrite. thanks
Quoting myself (plug talk from last december)* See slide 11 on http://jve.linuxwall.info/ressources/taf/PLUG%20Firewall%20Talk%20Julien%20Vehent%20sept2012.pdf
* And Minute 22:20 at http://vimeo.com/46745083
You can optimize to only match certain TCP flags, mark the connections
instead of dropping them, etc...
Cheers, -- Julien Vehent (307) 363-2101 http://jve.linuxwall.info ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug