> I have a question on filtering incoming traffic over the WAN.
>
> I want to open port 80 to a specific IP and I know by looking at my
> Apache logs that "people" try and hit URLs to see if they are valid
> to see what they can exploit. Like PhpMyAdmin/, admin/, mysql/.
>
> In the past I have created Apache ReWrite rules on the server to
> redirect these requests back to themselves:
>
>     RewriteRule ^(.*)$ http://%{REMOTE_ADDR}/ [F,L]
>
> Is there a way I can do something similar with pfSense so the
> traffic stays away from my WebServer?
>
> The pfSense box I built is beefy, Core i3 with 8 GB RAM.
Not directly with firewall rules, but if you're concerned about things like that you could probably use one of the reverse proxy packages (primarily varnish/varnish3, but there are others) to accomplish the same thing.

My question is: what do you think you're gaining by doing this? No automated vulnerability scanner I've ever seen follows referrals, so I don't believe you're really accomplishing anything here. It's too bad, because I really like the idea! (Are there vuln scanners that can be fooled this way?)

BTW, I assume that your RewriteRule is an example - if not, what's the point of running a webserver at all if it redirects absolutely everything? Or have I misunderstood?

If by "open port 80 to a specific IP" you *don't* mean "redirect (or NAT) port 80 to a specific LAN or DMZ IP address", i.e. you really only want to allow traffic from one source address, then that's trivial to do with firewall rules.

Based on what I'm reading between the lines of your post, you might want to look at the Snort (with automated blocking) or Strikeback packages, which do something much like fail2ban would normally do. A word of caution, though: using Snort takes a ton of CPU, and the automated blocking will block legitimate users at least once in a while.

-Adam Thompson
[email protected]

_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
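The fail2ban-style approach the reply points at (Strikeback, or Snort with automated blocking) boils down to: read the web server's log, count failed requests for known probe paths per source address, and push repeat offenders into a pf table that a WAN block rule references, so the traffic never reaches the web server. The script below is an added example written for this thread; it is not code from the original post, from pfSense, or from the Strikeback or Snort packages. The log lines are constructed, the probe path list is the poster's three paths plus two common variants, the pf table name `scanners` and the allowlist network `192.0.2.0/24` are assumptions. The allowlist is there for the caveat in the reply: a legitimate user (or the admin checking whether `/phpmyadmin/` is really gone) trips the same threshold as a scanner, so anything on the admin's own network is never added to the block table. One further note on the quoted rule: the `[F]` flag makes Apache answer 403 and ignore the substitution URL, so as written it blocks rather than redirects; a redirect would need `[R]`.

```python
"""fail2ban-style probe detection that emits pf table updates (added example)."""
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed Apache combined-format log lines; not taken from the poster's server.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2013:14:02:11 -0600] "GET /phpMyAdmin/ HTTP/1.1" 404 512 "-" "ZmEu"
198.51.100.7 - - [10/Mar/2013:14:02:12 -0600] "GET /admin/ HTTP/1.1" 404 512 "-" "ZmEu"
198.51.100.7 - - [10/Mar/2013:14:02:12 -0600] "GET /mysql/ HTTP/1.1" 404 512 "-" "ZmEu"
203.0.113.10 - - [10/Mar/2013:14:05:01 -0600] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Mar/2013:14:05:02 -0600] "GET /style.css HTTP/1.1" 200 300 "-" "Mozilla/5.0"
192.0.2.55 - - [10/Mar/2013:14:06:40 -0600] "GET /pma/ HTTP/1.1" 404 512 "-" "Mozilla/4.0"
192.0.2.55 - - [10/Mar/2013:14:06:41 -0600] "GET /phpmyadmin/ HTTP/1.1" 404 512 "-" "Mozilla/4.0"
192.0.2.55 - - [10/Mar/2013:14:06:42 -0600] "GET /mysql/ HTTP/1.1" 404 512 "-" "Mozilla/4.0"
"""

# Apache combined log format: client, ident, user, [timestamp], "request", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# The paths the poster saw being probed, plus two common variants.
PROBE_RE = re.compile(r"^/(phpmyadmin|pma|myadmin|admin|mysql)(/|$)", re.IGNORECASE)

# Assumed allowlist: the admin's own network must never land in the block table.
DEFAULT_ALLOW = ("192.0.2.0/24",)


def parse_line(line):
    """Return (ip, path, status) for a combined-format line, or None if it doesn't parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), m.group("path"), int(m.group("status"))


def find_offenders(log_text, threshold=3, allow=DEFAULT_ALLOW):
    """Source IPs with at least `threshold` failed requests for probe paths,
    excluding anything inside an allowlisted network."""
    allowed = [ip_network(n) for n in allow]
    hits = Counter()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, path, status = parsed
        # Only count errors: a 200 on /admin/ is a real admin area, not a probe.
        if status >= 400 and PROBE_RE.match(path):
            hits[ip] += 1
    offenders = []
    for ip, n in hits.items():
        if n < threshold:
            continue
        if any(ip_address(ip) in net for net in allowed):
            continue  # the reply's caveat: don't lock out legitimate users
        offenders.append(ip)
    return sorted(offenders, key=ip_address)


def pfctl_commands(offenders, table="scanners"):
    """pfctl invocations that add each offender to a pf table. The table name is
    an assumption and must match the table a WAN block rule references."""
    return [f"pfctl -t {table} -T add {ip}" for ip in offenders]


if __name__ == "__main__":
    for cmd in pfctl_commands(find_offenders(SAMPLE_LOG)):
        print(cmd)
```

Run against the constructed log, the scanner at 198.51.100.7 is the only address emitted; 192.0.2.55 trips the same threshold but sits in the allowlist. On pfSense the table should be created as a firewall alias with a block rule on WAN, because entries added with `pfctl -T add` at runtime do not survive a filter reload, which is exactly why the packages the reply mentions manage the list themselves.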
