Can anyone help with this ? I use squid as an accelerator on my border firewall. (ie incoming to my webserver hit the reverse squid proxy which mediates the request to the real webserver if it is not cached). I have noticed that whenever the script kiddies attack/scan my website, they always scan the website using http://[ip] They never use any domain name - presumably the scripts scan blocks of ip's and so they care not a jot what domain is hosted at that ip. So - I believe i can avoid a large number of scans, if I can prevent http://[ip] from ever reaching the webserver. As I read the squid docs, "acl dstdomain IP" may block what I want, but may do a DNS lookup on domain for the normal traffic and then block that too - clearly not what I want. So how to I contruct an acl which matches http://[ipaddress] and which does not match http://domain, where the IP of domain is [ipaddress]. thanks ... -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
