[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: Using IPF on a single web server
From:       "Patrick Schoonveld" <pschoonveld () allshare ! nl>
Date:       2001-09-20 9:32:44
[Download RAW message or body]

I would suggest you check out Squid ability to reverse-proxy. A friend of
mine is using it to pull data off different (backend, firewalled & nat'd)
servers based on url. He is also using it to trap exploits like this.

I am not sure of the exact setup, but squid's popularity makes it pretty
easy to find help when you run stuck.

Good luck!


----- Original Message -----
From: "Doug Silver" <dsilver@quantified.com>
To: "IP Filter Mail List" <ipfilter@coombs.anu.edu.au>
Sent: Wednesday, September 19, 2001 10:54 PM
Subject: Using IPF on a single web server


> I'm wondering if anyone is using or has advice for using IPF to filter web
> server traffic as the machine gets probed for the latest IIS exploit.  In
> particular, if you have a solaris or *BSD web server, how much additional
> overhead would that machine have running a really basic IPF ruleset that
> would add in block statements to offending IP addresses in some sort of
> real time situation to limit real traffic that Apache would have to
> handle.  I've seen it mentioned before, but with the recent rise of code
> red/nimda worms it seems worth investigating.
>
> Is this even practical?
>
> -Doug
>
>

[prev in list] [next in list] [prev in thread] [next in thread]