Re: A question about a basic security setup...

From: Aaron Peterson (aaronpeterson@altern.org)
Date: 12/06/01


Date: Thu, 06 Dec 2001 01:19:52 -0800
From: Aaron Peterson <aaronpeterson@altern.org>
To: Bill Walls <stauph@hotmail.com>

Bill Walls wrote:

> What I want to do is make it so only legit GET requests get to my web
> server machine. I.e. GET / HTTP/1.x etc etc and to drop all other kinds
> of requests. My feeling on the subject is if I can filter out all other
> malformed requests or unrealistic requests, apache will be "saved" from
> the majority of attacks.
>
> Should I use snort or iptables to accomplish this? Is it possible with
> either? I know I should RTFM...and believe me, I am. But I was
> wondering what kind of input I could get from the list as a whole as to how
> to proceed. I have also been toying with the idea of using LIDS on the
> server machine to throw even more modification into the mix...

Bill:

Why don't you, instead of running a port forward on your dual-homed box,
run some type of proxy with Apache? You can use mod_rewrite and a
reverse proxy instead. This would validate all requests that go to this
box, and you don't have to do some type of hack with iptables or snort;
it is made to do this type of thing. You also have the option of
mod_rewriting to several hosts behind the firewall. I have done this
before, and it is very simple; it just requires one rewrite rule and
enabling mod_proxy.

This way you can do other authentication tricks as well using rewrite
conditions.

That's my vote, good luck, =).

--
Aaron Peterson
AaronPeterson@altern.org
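A concrete form of the setup Aaron describes, as an added example that is not from the thread: an Apache httpd front end (mod_rewrite, mod_proxy and mod_proxy_http assumed loaded) that refuses anything other than a well-formed GET or HEAD and forwards the rest to one internal host with a single rewrite rule. The server name and the backend address 10.0.0.5 are placeholders.

```apache
# Added example, not from the original thread. Placeholders: www.example.com
# (public name) and 10.0.0.5 (web server behind the dual-homed box).
<VirtualHost *:80>
    ServerName www.example.com

    # Never act as an open forward proxy; only the [P] rule below proxies.
    ProxyRequests Off
    ProxyPreserveHost On

    RewriteEngine On

    # 1. Anything that is not GET or HEAD is answered here with 405 and
    #    never reaches the backend.
    RewriteCond %{REQUEST_METHOD} !^(GET|HEAD)$
    RewriteRule .* - [R=405,L]

    # 2. The raw request line must look like "GET /path HTTP/1.0|1.1" with a
    #    path made of plain URL characters; anything else gets 403.
    RewriteCond %{THE_REQUEST} !^(GET|HEAD)\s+/[A-Za-z0-9._~%/?&=+-]*\s+HTTP/1\.[01]$
    RewriteRule .* - [F,L]

    # 3. The one rule that reverse-proxies everything that survived.
    RewriteRule ^/(.*)$ http://10.0.0.5/$1 [P,L]
    ProxyPassReverse / http://10.0.0.5/

    # Rejected requests are logged on the front box, which is where you
    # want the evidence of malformed traffic to end up.
    LogLevel warn
</VirtualHost>
```

Because the front-end Apache parses every request itself before mod_rewrite runs, requests that do not even form a valid HTTP request line are already rejected by httpd's own parser; the rules above only tighten what is forwarded to the backend.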
