From: Georgi Alexandrov <georgi.alexandrov@gmail.com>
To: netfilter@lists.netfilter.org
Subject: Re: Route block CONNECT requisitions for apache
Date: Tue, 29 Nov 2005 23:47:52 +0200 [thread overview]
Message-ID: <438CCC88.4040702@gmail.com> (raw)
In-Reply-To: <eb5ae9cc0511270637y4bc28d2fp348dfbf215425fe6@mail.gmail.com>
Leonardo Marques wrote:
>On 11/27/05, Georgi Alexandrov <georgi.alexandrov@gmail.com> wrote:
>
>
>>Leonardo Marques wrote:
>>
>>
>>
>>>Hello,
>>>
>>>I have a apache webserver behind a iptables firewall, and some people
>>>are trying to abuse from my server probably for spam. I have this
>>>information on the log of the apache:
>>>
>>>219.80.160.238 - - [27/Nov/2005:08:56:13 -0200] "CONNECT
>>>64.161.246.99:25 HTTP/1.0" 200 6446
>>>
>>>I have a lot of this lines, with some diferent IPs, I already blocked
>>>all those IPs.
>>>
>>>I want create a rule that block all those type of connections, someone
>>>know how can i do?
>>>
>>>The ideia ir more or less it:
>>>
>>>"everything witch comes for the htttp_port wich contain 'connect type
>>>connections' must be deny or droped'"
>>>
>>>
>>>
>>>
>>>
>>What's the point in doing this? As those are no harm to your system.
>>Or you like to complex your life as much as possible and then say: "oh,
>>security isn't for everyone, but i'm managing somehow!"
>>Perhaps you should leave those and deal with something more useful.
>>
>>
>>
>
>Whats the problem to search a finally solution for a problem!? I cant
>understand
>why you are so brave with it. I thought here is a place to discuss
>about security with Iptables. :/
>
>Whats the problem to dont have free time to be reading the apache log
>and be blocking manually a lot of ips?! Whats the problem to find a
>rule wich solve this problem for me?!
>
>Exactly, i need it to be automated, to have time to do another things.
>
>Georgi, if you dont want help... just dont say nothing, its better for
>me, for you, for everybody.
>
>
>
>>regards,
>>Georgi Alexandrov
>>
>>
>>
>>
>
>--
>------------------------------
>Leonardo Marques
>http://www.analyx.org
>------------------------------
>
>
>
>
I don't see a problem, that's why i'm saying this.
You are getting scanned about open proxy ability, e.g. you're being
scanned for a open proxy listening on port 80 which you actually don't
have and use on port 80.
why do you need to block these then? just to complex your life (wife)
situation?
prev parent reply other threads:[~2005-11-29 21:47 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-11-27 11:26 Route block CONNECT requisitions for apache Leonardo Marques
2005-11-27 12:06 ` Rob Sterenborg
2005-11-27 12:42 ` Leonardo Marques
2005-11-27 14:07 ` Georgi Alexandrov
2005-11-27 14:37 ` Leonardo Marques
2005-11-29 21:47 ` Georgi Alexandrov [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=438CCC88.4040702@gmail.com \
--to=georgi.alexandrov@gmail.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.