[ale] Getting Rid of Unwanted Web Server Requests (e.g. *.exe)
Mike Millson
mgm at atsga.com
Mon Dec 23 20:11:40 EST 2002
I was wondering if anyone has any oppinions on how good a strategy it would
be to use the Apache rewrite module to redirect unwanted requests (e.g.
*.exe) to a bogus domain (e.g. http://www.qqq.zzz). I'm trying to think of
strategies to combat things like Nimbda requests. Although these seem to
have died down recently, I can only imagine more of the same is in the
future.
I have followed along other ale posts that have discussed setting up
iptables rules to watch for unwanted requests then automatically updating
the firewall ruleset to exclude the requesting ip address.
I'm curious about the merits and drawbacks to each approach. One thing I
don't like about blocking ip addresses at the firewall is that can't the ip
address be easily faked or be a temporary ip and you wind up blocking valid
ips? In terms of overhead, which is more efficient? Setting up firewall
rules or Apache rewrite rules? Can anyone think of any potentially bad side
effects of redirecting a server request to a bad url? I would love to
redirect them back to M$ where they belong, but something tells me I'd be
easy prey for Bill and his pack of lawyers.
Mike
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list