[Firewall] Possible to Block POST Attacks by User Agent String?

Mick michaelkintzios at gmail.com
Fri Sep 13 20:57:57 CEST 2013

On Friday 13 Sep 2013 19:23:41 Gene Cooper wrote:
> Sorry about the double posting.
> I spoke too soon about the firewall commands.
> The text strings are too generic (POST and UA) and too much valid
> traffic was being blocked, so I'm giving up on the firewall commands for
> now, leaving the web server to deal with it (403 forbidden based on UA
> string).
> Hopefully the botnet will give up soon.
> This has been more difficult than previous attacks...
> Thanks,
> G

I was about to say that you may block some legit users if you use this string:


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL: <http://rocky.eld.leidenuniv.nl/pipermail/firewall/attachments/20130913/1c4fead9/attachment.pgp>

More information about the Firewall mailing list