RE: A question about a basic security setup...
From: Hornat, Charles (Charles_Hornat@standardandpoors.com)Date: 12/07/01
- Previous message: Chris Hall: "RE: W32.Goner.A@mm"
- Maybe in reply to: Bill Walls: "A question about a basic security setup..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Hornat, Charles" <Charles_Hornat@standardandpoors.com> To: Date: Fri, 7 Dec 2001 13:08:25 -0500
A company called Sanctum has a product to help with this. AppShield. There are other tools out there as well.
Charles
-----Original Message-----
From: Aaron Peterson [mailto:aaronpeterson@altern.org]
Sent: Thursday, December 06, 2001 4:20 AM
To: Bill Walls
Cc: security-basics@securityfocus.com
Subject: Re: A question about a basic security setup...
Bill Walls wrote:
> What I want to do is make it so only legit GET requests get to my web
> server machine. I.e. GET / HTTP/1.x etc etc and to drop all other kinda
> of requests. My feeling on the subject is if I can filter out all other
> malformed requests or unrealistic requests, apache will be "saved" from
> the majority of attacks.
>
> Should I use snort or iptables to accomplish this? Is it possible with
> either? I know I should RTFM...and believe me, I am. But I was
> wondering what kind of input I could get from the list as a whole as how
> to proceed. I have also been toying with the idea of using LIDS on the
> server machine to throw even more modification into the mix...
Bill:
Why don't you instead of running a port forward on your dual-homed box,
run some type of proxy with apache. You can use mod_rewrite and a
reverse proxy instead. This would validate all requests that go to this
box, and you don't have to do some type of hack with iptables, or snort,
it is made to do this type of thing. You also have the option of
mod_rewriting to several hosts behind the firewall. I have done this
before, and it is very simple, it just requires one rewrite rule, and
enabling mod_proxy.
This way you can do other authentication tricks as well using rewrite
conditions.
Thats my vote, good luck, =).
-- Aaron Peterson AaronPeterson@altern.org________________________________________________________________ The information contained in this message is intended only for the recipient, may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, please be aware that any dissemination or copying of this communication is strictly prohibited. If you have received this communication in error, please immediately notify us by replying to the message and deleting it from your computer.
Thank you, Standard & Poor's
- Previous message: Chris Hall: "RE: W32.Goner.A@mm"
- Maybe in reply to: Bill Walls: "A question about a basic security setup..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
