Bill Walls wrote:

> What I want to do is make it so only legit GET requests get to my web 
> server machine.  I.e. GET / HTTP/1.x etc etc and to drop all other kinds 
> of requests.  My feeling on the subject is if I can filter out all other 
> malformed requests or unrealistic requests, apache will be "saved" from 
> the majority of attacks.
> 
> Should I use snort or iptables to accomplish this?  Is it possible with 
> either?  I know I should RTFM...and believe me, I am.  But I was 
> wondering what kind of input I could get from the list as a whole as how 
> to proceed.  I have also been toying with the idea of using LIDS on the 
> server machine to throw even more modification into the mix...
Bill:

Why don't you, instead of running a port forward on your dual-homed box, 
run some type of proxy with Apache? You can use mod_rewrite and a 
reverse proxy instead. This would validate all requests that go to this 
box, and you don't have to do some type of hack with iptables or snort; 
it is made to do this type of thing. You also have the option of 
mod_rewriting to several hosts behind the firewall. I have done this 
before, and it is very simple; it just requires one rewrite rule and 
enabling mod_proxy.

This way you can do other authentication tricks as well using rewrite 
conditions.

That's my vote, good luck, =).

--
Aaron Peterson
[EMAIL PROTECTED]
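The setup Aaron describes, as an added example that is not from the original post or from either poster: an Apache 2.4 configuration for the dual-homed box that accepts only GET and HEAD requests with a well-formed request line, proxies them to the internal web server, and shows the "several hosts behind the firewall" variant with a second rule keyed on the Host header. The names www.example.com and intranet.example.com, the backend addresses 10.0.0.10 and 10.0.0.11, and the empty DocumentRoot are assumptions for illustration.

```apache
# Added example (not from the original post): reverse proxy on the
# dual-homed box that lets only GET/HEAD through to the internal server.
# Host names, the 10.0.0.x addresses and the paths are assumed.
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

# Reverse proxy only: never act as an open forward proxy.
ProxyRequests Off
# Pass the client's Host header through so backend vhosts still match.
ProxyPreserveHost On
# TRACE is switched off at the core, so it does not depend on the rules below.
TraceEnable Off

<VirtualHost *:80>
    # Assumed public name of the site.
    ServerName www.example.com
    # Assumed empty directory; nothing is served from the proxy itself.
    DocumentRoot /var/www/empty

    RewriteEngine On

    # 1. Any method other than GET or HEAD gets a 403 here and never
    #    reaches the backend (POST, PUT, OPTIONS, CONNECT, ...).
    RewriteCond %{REQUEST_METHOD} !^(GET|HEAD)$
    RewriteRule .* - [F,L]

    # 2. Only request lines of the shape "GET <abs-path> HTTP/1.0|1.1" pass.
    #    THE_REQUEST is the raw request line, e.g. "GET /index.html HTTP/1.1".
    RewriteCond %{THE_REQUEST} "!^(GET|HEAD) /[^ ]* HTTP/1\.[01]$"
    RewriteRule .* - [F,L]

    # 3. Route by Host header to a second internal server (the "several
    #    hosts behind the firewall" case); assumed name and address.
    RewriteCond %{HTTP_HOST} "^intranet\.example\.com(:[0-9]+)?$" [NC]
    RewriteRule ^/(.*)$ http://10.0.0.11/$1 [P,L]

    # 4. The single rule from the post: everything that survived is
    #    proxied to the main internal web server.
    RewriteRule ^/(.*)$ http://10.0.0.10/$1 [P,L]

    # Rewrite Location/Content-Location headers in backend responses so
    # the internal addresses never leak to clients.
    ProxyPassReverse / http://10.0.0.10/
    ProxyPassReverse / http://10.0.0.11/
</VirtualHost>
```

Check the file with `apachectl configtest` (or `httpd -t`) before reloading. Two caveats a practitioner should keep in mind: the proxy's own httpd still parses every raw request, so a request line that is not valid HTTP is answered with 400 by httpd itself before any RewriteCond runs, and the proxy host is exposed to the same parsing code as the server it protects; what the backend gains is that it only ever sees a canonical GET or HEAD re-issued by mod_proxy_http, so POST, TRACE, oversized or oddly framed requests never arrive there. The `RewriteCond` on `%{THE_REQUEST}` is the "one rewrite rule" flavour of validation; on Apache 2.2 the same rules work, only the `Require` style access directives (not needed above) would differ.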
