You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Peter Horn <pe...@bigpond.com> on 2010/05/20 07:52:16 UTC
[users@httpd] Stealthing a vhost
I have a home server running 4 name vhosts, using a dynamic DNS. The
second, third and fourth vhosts are "real" and known to the DNS. The
default (first) vhost is only accessible by IP address (or an abstruse
and unpublished servername). It gets quite a bit of traffic by IP
address which is clearly attempted intrusion. I have "nailed down" the
vhost so any access receives an error response [but see footnote 1 for
an exception]. This does not stop the intruders, of course. If they get
any kind of response at all, they keep trying. Reporting abuse to ISPs
does not seem to help significantly.
What I would love to do is behave like a good firewall and not respond
at all to these [insert derogatory expletive]s. I have looked high and
low in the Apache docs and can't find any way to NOT respond. There are
lots of ways to set up sophisticated error responses, but no way of
staying silent.
Anyone got any ideas, or should I float this in front of dev@ ?
[1] An HTTP OPTIONS request is (correctly) responded to with 200 OK. I
thought this was a bug until I read the RFC again, slowly. An OPTIONS
request refers to the SERVER, not the HOST.
[2] For anyone that wants to provoke an attack, visit http://88.80.10.1
from (the public IP of) your server. I haven't tried this recently, so
you may find they've been shut down. They are far from the worst
offenders, but easy to provoke.
Regards to all,
Peter
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Stealthing a vhost
Posted by Igor Cicimov <ic...@gmail.com>.
Have you tried mod_security? It's very configurable so might suite your
needs.
Sent from my phone
On May 20, 2010 3:52 PM, "Peter Horn" <pe...@bigpond.com> wrote:
I have a home server running 4 name vhosts, using a dynamic DNS. The second,
third and fourth vhosts are "real" and known to the DNS. The default (first)
vhost is only accessible by IP address (or an abstruse and unpublished
servername). It gets quite a bit of traffic by IP address which is clearly
attempted intrusion. I have "nailed down" the vhost so any access receives
an error response [but see footnote 1 for an exception]. This does not stop
the intruders, of course. If they get any kind of response at all, they keep
trying. Reporting abuse to ISPs does not seem to help significantly.
What I would love to do is behave like a good firewall and not respond at
all to these [insert derogatory expletive]s. I have looked high and low in
the Apache docs and can't find any way to NOT respond. There are lots of
ways to set up sophisticated error responses, but no way of staying silent.
Anyone got any ideas, or should I float this in front of dev@ ?
[1] An HTTP OPTIONS request is (correctly) responded to with 200 OK. I
thought this was a bug until I read the RFC again, slowly. An OPTIONS
request refers to the SERVER, not the HOST.
[2] For anyone that wants to provoke an attack, visit http://88.80.10.1 from
(the public IP of) your server. I haven't tried this recently, so you may
find they've been shut down. They are far from the worst offenders, but easy
to provoke.
Regards to all,
Peter
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org