On 10/21/2009 10:21 PM, Mail Lists wrote: > > I use squid as an accelerator on my border firewall. (ie incoming to > my webserver hit the reverse squid proxy which mediates the request to > the real webserver if it is not cached). > > I have noticed that whenever the script kiddies attack/scan my > website, they always scan the website using http://[ip] > ... > So - I believe i can avoid a large number of scans, if I can prevent > http://[ip] from ever reaching the webserver. > > So how to I contruct an acl which matches http://[ipaddress] and > which does not match http://domain, where the IP of domain is [ipaddress]. > > (i) Using acl dstdom_regex does not work - squid is too clever and does rerverse DNS lookup on IP. (ii) The following does work: acl bad_to_DOM_is_ip url_regex ^[^:]*://[0-9\.]*(:|/|$|\?)[.]*$ http_access deny bad_to_DOM_is_ip gene -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
