A company called Sanctum has a product to help with this. AppShield. There are other tools out there as well.
Charles -----Original Message----- From: Aaron Peterson [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 06, 2001 4:20 AM To: Bill Walls Cc: [EMAIL PROTECTED] Subject: Re: A question about a basic security setup... Bill Walls wrote: > What I want to do is make it so only legit GET requests get to my web > server machine. I.e. GET / HTTP/1.x etc etc and to drop all other kinda > of requests. My feeling on the subject is if I can filter out all other > malformed requests or unrealistic requests, apache will be "saved" from > the majority of attacks. > > Should I use snort or iptables to accomplish this? Is it possible with > either? I know I should RTFM...and believe me, I am. But I was > wondering what kind of input I could get from the list as a whole as how > to proceed. I have also been toying with the idea of using LIDS on the > server machine to throw even more modification into the mix... Bill: Why don't you instead of running a port forward on your dual-homed box, run some type of proxy with apache. You can use mod_rewrite and a reverse proxy instead. This would validate all requests that go to this box, and you don't have to do some type of hack with iptables, or snort, it is made to do this type of thing. You also have the option of mod_rewriting to several hosts behind the firewall. I have done this before, and it is very simple, it just requires one rewrite rule, and enabling mod_proxy. This way you can do other authentication tricks as well using rewrite conditions. Thats my vote, good luck, =). -- Aaron Peterson [EMAIL PROTECTED] ________________________________________________________________ The information contained in this message is intended only for the recipient, may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, please be aware that any dissemination or copying of this communication is strictly prohibited. If you have received this communication in error, please immediately notify us by replying to the message and deleting it from your computer. Thank you, Standard & Poor's
