Seems I have a lot of people trying to access my repository who have no business doing so:
[andy@toaster|~/fossil]$ fossil info myprojectname.fossil
access-url: http:// 2015-02-23
access-url: http://216.114.41.8 2015-02-23
access-url: http://216.114.41.8:80 2015-03-05
access-url: http://24x7-allrequestsallowed.com 2015-04-01
access-url: http://5.61.43.116 2015-04-02
access-url: http://66.160.219.98 2015-03-06
access-url: http://66.160.219.98:80 2015-03-09
access-url: http://dns.cloud.ph 2015-03-10
access-url: http://google.com 2015-02-24
access-url: http://httpheader.net 2015-03-23
access-url: http://s1.bdstatic.com 2015-04-24
access-url: http://testp1.piwo.pila.pl 2015-04-08
access-url: http://testp3.pospr.waw.pl 2015-03-05
access-url: http://testp4.pospr.waw.pl 2015-03-10
access-url: http://toaster 2015-02-23
access-url: http://toaster.x. 2015-02-23
access-url: http://un.is-a-geek.com 2015-03-30
access-url: http://un.is-a-geek.com:8080 2015-03-14
access-url: http://www.baidu.com 2015-02-24
access-url: http://www.teddybrinkofski.com 2015-03-13

Only one of these is valid. Most likely, they're cycling through ranges of addresses to see which listen on port 80, and if open, send dummy HTTP headers to check if the response indicates a server with known security vulnerabilities.

I'd like to limit access based on the HTTP/1.1 Host: header. If Host: isn't un.is-a-geek.com or un.is-a-geek.com. (note final period) then just drop the connection.

A further refinement would be virtual hosting in which different Host: values map to different repositories. I don't need this feature, but others might.

If it's not already clear, this particular repository should only be accessible to a handful of people. Anonymous access is already disabled, but I ought to do SSL to shut out anyone sniffing the network. However, the server uses a 350MHz PII with 256MB RAM, so this might be tight.

--
Andy Goth | <andrew.m.goth/at/gmail/dot/com>
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
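The Host: check and virtual-host mapping requested in the post, sketched as an added example; it is not code from the post or from Fossil and uses no Fossil API. The names `VHOSTS`, `canonical_host`, `route` and `audit` are hypothetical, and "drop the connection" is modelled as returning `None`.

```python
# Hypothetical vhost table: canonical Host name -> repository file.
# The host and the file name are the ones shown in the post.
VHOSTS = {"un.is-a-geek.com": "myprojectname.fossil"}
ALLOWED = set("abcdefghijklmnopqrstuvwxyz0123456789-.[]:")

def canonical_host(value):
    """Lowercase the Host value, drop the port and one trailing dot."""
    value = value.strip().lower()
    if value.startswith("["):                 # IPv6 literal such as [::1]:8080
        host, bracket, rest = value.partition("]")
        if not bracket:
            return None
        host += "]"
    else:
        host, colon, port = value.partition(":")
        rest = colon + port
    if rest and not (rest[0] == ":" and rest[1:].isdigit()):
        return None                           # junk after the host name
    if host.endswith("."):
        host = host[:-1]                      # the "un.is-a-geek.com." form
    if not host or not set(host) <= ALLOWED:
        return None
    return host

def route(host_header):
    """Return the repository to serve, or None to drop the connection."""
    host = canonical_host(host_header) if host_header is not None else None
    # Exact match after normalisation; a substring or prefix test would let
    # "un.is-a-geek.com.example.net" through.
    return VHOSTS.get(host) if host else None

def audit(info_output):
    """Sort `fossil info` access-url entries into (accepted, rejected)."""
    accepted, rejected = [], []
    for line in info_output.splitlines():
        key, _, rest = line.strip().partition(":")
        fields = rest.split()
        if key != "access-url" or not fields:
            continue
        url = fields[0]
        (accepted if route(url.split("://", 1)[-1]) else rejected).append(url)
    return accepted, rejected

# Subset of the access-url lines from the post.
SAMPLE = """access-url: http:// 2015-02-23
access-url: http://google.com 2015-02-24
access-url: http://toaster.x. 2015-02-23
access-url: http://un.is-a-geek.com 2015-03-30
access-url: http://un.is-a-geek.com:8080 2015-03-14"""
```
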