Re: Policing user CGI scripts
From: Walter Roberson (roberson_at_ibd.nrc-cnrc.gc.ca)
Date: 07/04/04
Date: 4 Jul 2004 21:55:30 GMT
In article <slrncegmpg.r3f.elvis@notatla.org.uk>,
all mail refused <elvis@notatla.org.uk> wrote:
:For instance I like webservers to accept TCP traffic on just
:2 ports (80, 22) and cannot originate any TCP traffic at all.
:That prevents spam relaying and the like without needing
:to know the properties of the CGIs.
But it also breaks DNS. UDP based DNS is only good up to 512
bytes per record, and when a longer record would be returned,
a flag is set in the result; at that point, the originating
system is supposed to retry with TCP based DNS.
-- IEA408I: GETMAIN cannot provide buffer for WATLIB.
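
The truncation fallback discussed in this message, as an added example that is not part of the original post: it reads the TC flag from a UDP DNS reply and shows what a resolver does next when the host may or may not originate TCP. The function names, the `outbound_tcp_allowed` parameter (standing in for the firewall policy quoted above) and the sample messages are constructed for illustration.

```python
import struct

QR_BIT = 0x8000  # set on responses
TC_BIT = 0x0200  # "truncated": the answer did not fit in the UDP reply


def build_query(qid, name, qtype=16):
    """Encode a minimal one-question query (qtype 16 = TXT, class IN)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_header(msg):
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than its header")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "response": bool(flags & QR_BIT),
            "truncated": bool(flags & TC_BIT), "answers": an}


def frame_for_tcp(query):
    """DNS over TCP prefixes each message with a 2-byte length."""
    return struct.pack("!H", len(query)) + query


def next_step(query, udp_reply, outbound_tcp_allowed):
    """Decide what the resolver does with a UDP reply."""
    q, r = parse_header(query), parse_header(udp_reply)
    if not r["response"] or r["id"] != q["id"]:
        return ("discard", None)            # not an answer to our query
    if not r["truncated"]:
        return ("use_udp_answer", None)     # complete answer, no TCP needed
    if outbound_tcp_allowed:
        return ("retry_tcp", frame_for_tcp(query))
    return ("lookup_fails", None)           # TC set but TCP is blocked


# Constructed sample messages (not captured traffic).
QUERY = build_query(0x1A2B, "example.com")
TRUNCATED_REPLY = QUERY[:2] + struct.pack("!H", 0x8380) + QUERY[4:]  # QR|TC|RD|RA
COMPLETE_REPLY = QUERY[:2] + struct.pack("!H", 0x8180) + QUERY[4:]   # QR|RD|RA

if __name__ == "__main__":
    for allowed in (True, False):
        print(allowed, next_step(QUERY, TRUNCATED_REPLY, allowed)[0])
```
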