| View previous topic :: View next topic |
| Author |
Message |
Axis
-
Joined: 29 Sep 2003
Posts: 336
|
 Posted: Sat Feb 18, 2006 7:09 pm Post subject: Anti-Hack and CGI-Proxy |
 |
|
Hello Everyone--
I am running Abyss Web Server X2 (v 2.0.6) and have recently re-established my cgi-proxy script but with the "no images" option on cgi-proxy turned on. I didn't realize this at first but every image that is "blocked" generates a 403.
With the default setting of 20 bad requests in 20 secs banning for 180 secs., it is quite easy for a user to get themselves banned on pages that have many images. Today I set the parameter to allow up to 100 "bad requests" in 20 secs and I think this will allow users to generally not get banned in most cases, however I am concerned about the effect this change will have on overall security.
Does anyone have any thoughts on the "safety" of this setting? Or any ideas of another work-around for this issue?
Regards,
Axis |
|
| Back to top |
  |
 |
Axis
-
Joined: 29 Sep 2003
Posts: 336
|
| Posted: Sat Feb 18, 2006 8:22 pm Post subject: |
|
|
Hi everyone again--
I fixed the problem by hacking the cgi-proxy script so it doesn't return a 403 error when denying images.
http://sixa.no-ip.info/safesurf.html
By the way, people who are needing to know if there site is answering when their router doesn't support feed back are free to use this to check (though your images wont show up.)
Regards,
Axis |
|
| Back to top |
|
|
|
