DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 24th January 2013
phyro phyro is offline
Port Guard
 
Join Date: Sep 2010
Posts: 27
Default pf by content?

i was just wondering if its possible to have a pf rule to filter on text content

why?

i have a dayz server that runs remotely, it seems every script kitten in the world is bent in injecting the database full of crap to cheat.

as you cant run a public hive on a local machine and still be apart of the community my solution is to move the mysql database to a local machine.

so i wanted to find some way to drop any request that has a #! or similar script id?

not sure if its possible but tia
Reply With Quote
  #2   (View Single Post)  
Old 24th January 2013
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
Default

No, pf cannot filter on text content. That would be what is called deep inspection.
If the script kiddies mess around with the webserver you would need an application firewall like mod_security

See http://en.wikipedia.org/wiki/Firewall_%28computing%29 for information about the OSI levels a packet filter operates.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #3   (View Single Post)  
Old 7th February 2013
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Tcpdump Spy
 
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243
Default

We use Varnish.

In our vcl_recv

Code:
  if (
    req.url ~ "(?i)^/(\?mod=|site.php\?a=|index\.php\?option=com_simpledownload|\?(page|file)=\.\.)" ||
    req.url ~ "(?i)(awstats|phpthumb|phpmyadmin|phpalbum|main.php\?cmd=setquality)" ||
    req.url ~ "\.\./\.\./\.\./\.\./\.\./\.\." ||
    req.url ~ "(?i)^/(phorum|cgi-bin|nucleus|dotproject|yappa-ng|PHPNews|_conf|mwchat|Sources|GradeMap)/"
  ) {
    error 404 "Not found";
  }
Simple, but quite effective. We used to get hammered to the point where the webserver were unresponsive, this instantly solved all those problems.
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Content Filtering with OpenBSD alpha202ej OpenBSD Security 4 21st December 2011 01:38 PM
block illegal content wesley OpenBSD Security 1 25th December 2010 05:31 PM
Web content filtering Crypt FreeBSD Security 14 14th December 2008 02:38 PM
Learning Content Management System Oko General software and network 0 31st October 2008 04:02 AM


All times are GMT. The time now is 07:56 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick