DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 3 Weeks Ago
CiotBSD CiotBSD is offline
c107:b5d::
 
Join Date: Jun 2019
Location: Under /
Posts: 97
Default relayd block bad request

Hi, all

With relayd, how can I block this request :
Code:
/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>
or:
Code:
/?XDEBUG_SESSION_START=phpstorm
__________________
GPG:Fingerprint ed25519 : 072A 4DA2 8AFD 868D 74CF 9EA2 B85E 9ADA C377 5E8E
GPG:Fingerprint rsa4096 : 4E0D 4AF7 77F5 0FAE A35D 5B62 D0FF 7361 59BF 1733

Last edited by CiotBSD; 3 Weeks Ago at 12:49 PM.
Reply With Quote
  #2   (View Single Post)  
Old 3 Weeks Ago
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,974
Default

I haven't used relayd in about 8 years, but something like:
Code:
block url "/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>" label "URL blocked"
block url "/?XDEBUG_SESSION_START=phpstorm" label "URL blocked"
might possibly work. Have you been through the FILTER RULES section of the relayd.conf(5) man page?

Last edited by jggimi; 3 Weeks Ago at 01:03 PM. Reason: added second line to match the edited original post
Reply With Quote
  #3   (View Single Post)  
Old 3 Weeks Ago
CiotBSD CiotBSD is offline
c107:b5d::
 
Join Date: Jun 2019
Location: Under /
Posts: 97
Default

NO, this pass.
I attempt too, with block query or block path without any success!

Even, as:
Code:
block query "XDEBUG_SESSION_START" value "phpstorm" label "blocked"
block request query "*" value "*" label "blocked"
etc.

Why I attempt?
Because, I delivery only static; and to try if possible.
__________________
GPG:Fingerprint ed25519 : 072A 4DA2 8AFD 868D 74CF 9EA2 B85E 9ADA C377 5E8E
GPG:Fingerprint rsa4096 : 4E0D 4AF7 77F5 0FAE A35D 5B62 D0FF 7361 59BF 1733
Reply With Quote
  #4   (View Single Post)  
Old 2 Weeks Ago
CiotBSD CiotBSD is offline
c107:b5d::
 
Join Date: Jun 2019
Location: Under /
Posts: 97
Default

OK, tonight, I found how to do:

Code:
block quick query "a" value "fetch"         label '<em>Blocked!</em>'
block quick query "XDEBUG_SESSION_START"    label '<em>Blocked!</em>'
So, simply!


----

How can I block all methods other than GET, HEAD?!
Do I specify block method for all of them?
__________________
GPG:Fingerprint ed25519 : 072A 4DA2 8AFD 868D 74CF 9EA2 B85E 9ADA C377 5E8E
GPG:Fingerprint rsa4096 : 4E0D 4AF7 77F5 0FAE A35D 5B62 D0FF 7361 59BF 1733

Last edited by CiotBSD; 2 Weeks Ago at 11:35 PM.
Reply With Quote
  #5   (View Single Post)  
Old 2 Weeks Ago
bsdun's Avatar
bsdun bsdun is offline
Real Name: Steve
Port Guard
 
Join Date: Feb 2020
Posts: 11
Default

Something like this:
Code:
http protocol getonly {
return error
pass quick method GET
block label "Forbidden Method"
}
Reply With Quote
Reply

Tags
bad, block, relayd, request

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Understanding relayd sleepyjoe OpenBSD Security 2 26th April 2020 05:30 AM
relayd which interface? calanon OpenBSD General 3 5th November 2019 07:45 PM
Relayd as a HTTPS client e1-531g OpenBSD Security 4 11th January 2016 07:11 PM
relayd gpatrick OpenBSD General 0 8th May 2012 10:10 PM
relayd gpatrick OpenBSD General 1 16th January 2010 12:19 AM


All times are GMT. The time now is 06:09 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick