squid help - increasing web security

Mail Lists lists at sapience.com
Thu Oct 22 02:21:16 UTC 2009


   Can anyone help with this?

   I use squid as an accelerator on my border firewall (i.e. incoming
requests to my webserver hit the reverse squid proxy, which mediates the
request to the real webserver if it is not cached).

   I have noticed that whenever the script kiddies attack/scan my
website, they always scan the website using http://[ip]

   They never use any domain name - presumably the scripts scan blocks
of IPs and so they care not a jot what domain is hosted at that IP.

   So - I believe I can avoid a large number of scans, if I can prevent
http://[ip] from ever reaching the webserver.

   As I read the squid docs, "acl dstdomain IP" may block what I want,
but may do a DNS lookup on domain for the normal traffic and then block
that too - clearly not what I want.

   So how do I construct an acl which matches http://[ipaddress] and
which does not match http://domain, where the IP of domain is [ipaddress]?

   thanks ...
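
One way to express the ACL asked about above, as an added example that is not part of the original post. The names www.example.com and 192.0.2.10 are placeholders, and the accel/vhost listener is an assumed reverse-proxy setup.

```conf
# Added example: squid.conf fragment for a reverse proxy (accelerator).
# www.example.com and 192.0.2.10 are placeholders, not values from the post.

# With "vhost", Squid builds the request URL from the client's Host: header,
# so the ACLs below test the host the client actually asked for.
# Caveat: a request with no Host: header is given defaultsite, so it is
# treated as www.example.com and is not caught by the rules below.
http_port 80 accel defaultsite=www.example.com vhost
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=origin

# 1. Deny requests whose host part is a literal IPv4 address.
#    dstdom_regex is matched against the host string in the URL; a hostname
#    such as www.example.com is not resolved to an address for this test,
#    so normal traffic to the domain does not match.
acl ip_literal dstdom_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$
http_access deny ip_literal

# 2. Allow only the names this proxy serves, then deny everything else.
#    Order matters: for an IP-based URL that matches no dstdomain entry,
#    Squid may try a reverse lookup, and a PTR record naming the site would
#    then match our_sites. The deny in step 1 runs first and prevents that.
acl our_sites dstdomain www.example.com
http_access allow our_sites
http_access deny all

# Only forward the allowed names to the origin server.
cache_peer_access origin allow our_sites
cache_peer_access origin deny all
```

Denied requests still appear in Squid's access.log as TCP_DENIED, so the scans stay visible without reaching the webserver.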



