i say this might be slightly OT because i am asking more of a philosophical question, not a technical one. the excellent documentation has given me all i need to know about the probability directive. thanks, devs, for that.

quick story: i have a couple dozen websites spread across two OpenBSD/base apache machines. one of my clients runs a web-based forum that's experienced a bit of trouble recently with previously banned users registering multiple accounts through open proxies and causing problems (just open proxies, not tor exit nodes). the mods have quelled the activity for now, but i'm thinking of ways to help them in the future.

i use sensible max-src-conn and max-src-conn-rate to be sure DoS attacks won't cause httpd to knock down my server, but this is a solution to a different problem in my eyes---this is just trying to be a good sysadmin. i have grepped through the logs of other clients, and i don't see any evidence of any traffic from the lists of open proxies i've compiled, so i don't think this would have unintended effects on them.

the only reason i guess that i'm cautious about just getting a list of known open proxies, creating a pf table and running with something like:

    block in log quick on $ext_if from <openproxies> to any probability 90%

is because it seems a little bofh-ly to me. and i guess it borders on security through obscurity, which of course is not really security at all. but it seems a bit more sinister than just outright blocking, which kinda makes me snicker a bit. make the experience painful enough that they just go away. and i suppose i've just been dying to find a use for the probability directive.

so anyway, how are _you_ using probability? does this seem in line with what it was designed for? how, if at all, do you deal with open proxies? you can respond off-list if this is really too OT for m...@. and i'm not afraid to be told this is the stupidest. idea. ever. if that's what you think. i'm also open to other ideas.

thanks and cheers!
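The log check described in the post, as an added example that is not part of the original message: it counts, per virtual host, how many requests came from addresses on a proxy list, so the collateral effect of a `<openproxies>` table can be measured before the rule is loaded. The addresses, host names and the vhost-prefixed log layout are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample data (documentation address ranges), not from the post.
OPEN_PROXIES = """\
# one address or CIDR per line
192.0.2.10
198.51.100.0/28
not-an-address
"""
# Assumed log layout: "<vhost> <client address> ..." (e.g. Apache "%v %h ...").
ACCESS_LOG = """\
forum.example 192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "POST /register HTTP/1.1" 200 512
forum.example 198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "POST /register HTTP/1.1" 200 512
shop.example 203.0.113.5 - - [01/Jan/2024:10:01:00 +0000] "GET / HTTP/1.1" 200 1024
shop.example 198.51.100.3 - - [01/Jan/2024:10:02:00 +0000] "GET /cart HTTP/1.1" 200 2048
garbage line without an address
"""
LINE_RE = re.compile(r"^(\S+) (\S+) ")  # vhost, client address

def load_networks(text):
    """Parse a proxy list into networks, skipping comments and bad entries."""
    nets = []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # malformed entry: never let it reach the pf table
    return nets

def hits_per_vhost(log_text, nets):
    """Count requests per vhost whose client address is on the proxy list."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # hostname or junk in the address field
        if any(addr in net for net in nets):
            hits[m.group(1)] += 1
    return dict(hits)

print(hits_per_vhost(ACCESS_LOG, load_networks(OPEN_PROXIES)))
```

Any vhost other than the forum that shows a non-zero count is one whose visitors would also be hit by the table.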

