Re: blocking unwanted traffic from hitting gateway

[Matthew Palmer <mpalmer () hezmatt org>]

On Wed, May 18, 2011 at 09:42:03AM -0300, Rogelio wrote:
> I've got about 1000 people hammering a Linux gateway with http
> requests, but only about 150 of them are authenticated users for the
> ISP.

Are you the ISP, or someone else?  Why is the gateway caring that the
requests are HTTP?  Is it also an HTTP server (and if so, does it matter
that it's a gateway?)

> Once someone authenticates, then I want their traffic to pass through
> okay.  But if they're not an authenticated user, I would like to
> ideally block those http requests (e.g. Google updater, AV scanners,
> etc) from ever tying up my web server.

What authentication mechanism are acceptable?  HTTP at the request level,
captive portal, custom app, etc etc etc.

> Is there some sort of box I could put in front (e.g. OpenBSD pf in
> transparency mode) or maybe some sort of filter on the webserver?

What risk or problem are you actually trying to mitigate against?  Sure, you
can put all sorts of things in front of it or on it, but are you just going
to be moving the problem (whatever it may be) to another box, adding
complexity for no good reason?

> This solution would need to be tied into the authentication services
> so authenticated users hit the gateway.

You might want to mention what "authentication services" you're using if you
want any useful recommendation about tying into it.

- Matt

-- 
The hypothalamus is one of the most important parts of the brain, involved
in many kinds of motivation, among other functions. The hypothalamus
controls the "Four F's": 1. fighting; 2. fleeing; 3. feeding; and 4. mating.
                -- Psychology professor in neuropsychology intro course