Firewall Wizards mailing list archives
Re: Best way to block incoming connections from open httpproxy servers?
From: <lordchariot () embarqmail com>
Date: Thu, 24 May 2007 00:49:01 -0400
Trying to enumerate the bad IP addresses with open proxies is a loosing battle. I have school kids setting up their own https anonymous proxies to get past the school's filtering system. And they are on a DHCP address with dynamicDNS which they reset every night so it's different the next day when they go to school. Way too much maintenance for me. Their may be some comprehensive lists of proxies out there, but none that I find very well-maintained. Are you trying to prevent external users from anonymizing themselves when they hit your site? You might be able to do it with a reverse proxy of some sort that looks at various characteristics of the request headers and have rules to restrict if there are X-Proxy-Via: or are missing a standard User-Agent: headers. Explain why you are trying to block them and we might have some other ideas. ________________________________ From: firewall-wizards-bounces () listserv icsalabs com [mailto:firewall-wizards-bounces () listserv icsalabs com] On Behalf Of Chris Smith Sent: Monday, May 21, 2007 17:16 To: firewall-wizards () listserv icsalabs com Subject: [fw-wiz] Best way to block incoming connections from open httpproxy servers? Hi All. What's the recommended way to maintain a list of public, open http proxies and block them from making inbound connections to an http server with iptables? I have linblock http://www.dessent.net/linblock/ which I use for a few other lists. Is there a regularly updated list out there for open http proxies that can be used for this purpose? I'm hoping I can retrieve a text file with the IP's every day with a cron job and let linblock update an IPTables chain. Perhaps there's a better way? csmith _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Best way to block incoming connections from open http proxy servers? Chris Smith (May 23)
- Re: Best way to block incoming connections from open httpproxy servers? lordchariot (May 25)
- Re: Best way to block incoming connections from open httpproxy servers? White Hat (May 25)
- Re: Best way to block incoming connections from open http proxy servers? Jerry Gardner (May 25)
- Re: Best way to block incoming connections from open http proxy servers? Christine Kronberg (May 28)
- Re: Best way to block incoming connections from open httpproxy servers? lordchariot (May 25)