squid help - increasing web security
Mail Llists
lists at sapience.com
Thu Oct 22 04:11:52 UTC 2009
On 10/21/2009 10:21 PM, Mail Lists wrote:
>
> I use squid as an accelerator on my border firewall. (ie incoming to
> my webserver hit the reverse squid proxy which mediates the request to
> the real webserver if it is not cached).
>
> I have noticed that whenever the script kiddies attack/scan my
> website, they always scan the website using http://[ip]
>
...
> So - I believe i can avoid a large number of scans, if I can prevent
> http://[ip] from ever reaching the webserver.
>
> So how to I contruct an acl which matches http://[ipaddress] and
> which does not match http://domain, where the IP of domain is [ipaddress].
>
>
(i) Using acl dstdom_regex does not work - squid is too clever and
does rerverse DNS lookup on IP.
(ii) The following does work:
acl bad_to_DOM_is_ip url_regex ^[^:]*://[0-9\.]*(:|/|$|\?)[.]*$
http_access deny bad_to_DOM_is_ip
gene
More information about the users
mailing list