[Firewall] Possible to Block POST Attacks by User Agent String?

Mick michaelkintzios at gmail.com
Fri Sep 13 20:57:57 CEST 2013


On Friday 13 Sep 2013 19:23:41 Gene Cooper wrote:
> Sorry about the double posting.
> 
> I spoke too soon about the firewall commands.
> 
> The text strings are too generic (POST and UA) and too much valid
> traffic was being blocked, so I'm giving up on the firewall commands for
> now, leaving the web server to deal with it (403 forbidden based on UA
> string).
> 
> Hopefully the botnet will give up soon.
> 
> This has been more difficult than previous attacks...
> 
> Thanks,
> 
> G


I was about to say that you may block some legit users if you use this string:

 http://www.webmasterworld.com/search_engine_spiders/4058096.htm

-- 
Regards,
Mick
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL: <http://rocky.eld.leidenuniv.nl/pipermail/firewall/attachments/20130913/1c4fead9/attachment.pgp>


More information about the Firewall mailing list