Advice on preventing http attacks

CharlieBrady

6,918
+3/-0

Re: Advice on preventing http attacks

« Reply #15 on: October 08, 2012, 06:14:46 PM »

Quote from: bhay3s on October 08, 2012, 05:42:22 PM

I am kind of ignorant of PHP ...

http://me.veekun.com/blog/2012/04/09/php-a-fractal-of-bad-design/

Logged

ghorst352

180
+0/-0

Re: Advice on preventing http attacks

« Reply #16 on: October 08, 2012, 06:33:38 PM »

I am connected as follows:

(Nic1) Wan IP 69.69.x.x ---> DSL Modem
(Nic2) Internal IP ---> Internal Switch

SME Server: Server - Gateway

« Last Edit: October 08, 2012, 06:37:21 PM by bhay3s »

Logged

Stefano

10,894
+3/-0

Re: Advice on preventing http attacks

« Reply #17 on: October 08, 2012, 06:45:31 PM »

Quote from: bhay3s on October 08, 2012, 06:33:38 PM

I am connected as follows:

(Nic1) Wan IP 69.69.x.x ---> DSL Modem
(Nic2) Internal IP ---> Internal Switch

SME Server: Server - Gateway

ok, no doubt about it..
I repeat.. since your SME server has only an "internal" (i.e. on le lan side) use, it should not expose any service on the web, so you should change to server only and point to your dsl modem (modem or router?) as its default gateway..

Logged

ghorst352

180
+0/-0

Re: Advice on preventing http attacks

« Reply #18 on: October 08, 2012, 08:49:32 PM »

The reason why I have it setup this way is per recommendation from SME staff. I had asked the best method of setting up a transparent proxy and was advised on using 2 nics (1 for the outside and 1 for the inside) and to setup sme server as a Server - Gateway. Is this not correct?

Logged

ghorst352

180
+0/-0

Re: Advice on preventing http attacks

« Reply #19 on: October 09, 2012, 11:07:39 AM »

Refer to this thread http://forums.contribs.org/index.php/topic,48639.msg241764.html#msg241764

Logged

CharlieBrady

6,918
+3/-0

Re: Advice on preventing http attacks

« Reply #20 on: October 09, 2012, 06:06:05 PM »

Quote from: bhay3s on October 08, 2012, 08:49:32 PM

The reason why I have it setup this way is per recommendation from SME staff.

There are no staff.

Quote

I had asked the best method of setting up a transparent proxy and was advised on using 2 nics (1 for the outside and 1 for the inside) and to setup sme server as a Server - Gateway. Is this not correct?

Correct. servergateway with 2 nics is the only way to work as a transparent proxy. You could use 'private server and gateway mode' and then set http and smtp services to access->private.

But then again, if you have no web applications installed, you are very unlikely to be vulnerable to any http attacks. You should be spending your time elsewhere - e.g. ridding your local network of Windows computers.

« Last Edit: October 09, 2012, 06:14:47 PM by CharlieBrady »

Logged

Stefano

10,894
+3/-0

Re: Advice on preventing http attacks

« Reply #21 on: October 09, 2012, 06:13:41 PM »

if you need a transparent proxy you are right

Logged

ghorst352

180
+0/-0

Re: Advice on preventing http attacks

« Reply #22 on: October 09, 2012, 06:22:39 PM »

Quote from: Stefano on October 09, 2012, 06:13:41 PM

There are no staff.

LOL. I know there are no paid staff but I call the dev team and anybody else who works on SME as staff. Staff would be defined by being payed depending on which wiki or dictionary you look at. Or staff as a collective body working on a project or goal lets say........etc. etc..

Quote from: Stefano on October 09, 2012, 06:13:41 PM

if you need a transparent proxy you are right

I did not state that perhaps clearly beforehand so that's my mistake.

Logged