Re: Aborting malicious requests

On Tue, 20 Mar 2018 13:03:09 + "Friscia, Michael" wrote: > This is great, thank you again, this is a huge jumpstart! Per NIST best practices, you should limit the HTML verbs that you allow. A very simple website can run on just GET and HEAD. Here is how you 444

Re: Aborting malicious requests

This is great, thank you again, this is a huge jumpstart! ___ Michael Friscia Office of Communications Yale School of Medicine (203) 737-7932 - office (203) 931-5381 - mobile http://web.yale.edu On 3/19/18, 1:43 PM, "nginx on

Re: Aborting malicious requests

On Mon, 19 Mar 2018 12:31:20 + "Friscia, Michael" wrote: > Just a thought before I start crafting one. I am creating a > location{} block with the intention of populating it with a ton of > requests I want to terminate immediately with a 444 response. Before > I

RE: Aborting malicious requests

Have you considered using something like mod_security to manage this sort of thing? From: nginx [mailto:nginx-boun...@nginx.org] On Behalf Of Friscia, Michael Sent: Monday, March 19, 2018 9:17 AM To: nginx@nginx.org Subject: [IE] Re: Aborting malicious requests Thank you Gary, I really

Re: Aborting malicious requests

list for my firewall. I block the entire IP space. From: michael.fris...@yale.edu<mailto:michael.fris...@yale.edu> Sent: March 19, 2018 5:31 AM To: nginx@nginx.org<mailto:nginx@nginx.org> Reply-to: nginx@nginx.org<mailto:nginx@nginx.org> Subject: Aborting malicious requests Ju

Re: Aborting malicious requests

e IP space.  From: michael.fris...@yale.eduSent: March 19, 2018 5:31 AMTo: nginx@nginx.orgReply-to: nginx@nginx.orgSubject: Aborting malicious reque

Aborting malicious requests

Just a thought before I start crafting one. I am creating a location{} block with the intention of populating it with a ton of requests I want to terminate immediately with a 444 response. Before I start, I thought I’d ask to see if anyone has a really good one I can use as a base. For