[ale] Moving httpd to different port (was AT&T Broadband blockinginbound http?)

Jonathan Rickman jonathan at xcorps.net
Wed Aug 15 11:17:02 EDT 2001


On Wed, 15 Aug 2001, Jim Popovitch wrote:

> --- Jonathan Rickman <jonathan at xcorps.net> wrote:
> > there's not much reason to use tcpwrappers anyway if you're
> > making use of another access control method like ipchains.
>
> Why?  I run several webservers with apache running in standalone mode,
> no ipchains, no security problems.

Example...

66.7.131.131 - - [14/Aug/2001:16:31:13 -0400] "GET
/ftp/pub/code/ HTTP/1.0" 200 6530 "-" "Openfind data gatherer,
Openbot/3.0+(robot-response at openfind.com.tw;+http://www.openfind.com.tw/robot.html)"

3,569 of those every two days will make you think differently. Of course there's
not a security issue. I didn't say that. There's a nuisance issue. In my
experience, it's more efficient to block things like this externally, either
thru firewalling or tcpwrappers, than to use Apache ACLs.

-- 
Jonathan Rickman
X Corps Security
http://www.xcorps.net

--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.





More information about the Ale mailing list