PF rules for httpd

atmosx · #1 September 15th, 2012, 01:36

Hello,

I am going to use a FreeBSD with Nginx and a ruby (unicorn) app. I cannot use jails, I have a fairly secure system, since I'm the only use who has access to it... No other users laying around.

Nginx will not feature any post form. Nginx is going server an octopress blog, which features static content and some javascript. There's no login mechanism since I do my changes locally and 'deploy' via SSH.

Are there any PF rules that would help an httpd with possible break in attempts and DOS attacks? If yes can I see some examples to start getting ideas?

thanks and best regards

**SirDice** · #2 September 17th, 2012, 08:01

Quote:

Originally Posted by atmosx

Are there any PF rules that would help an httpd with possible break in attempts and DOS attacks? If yes can I see some examples to start getting ideas?

PF works on layer 3/4. Almost all web based attacks happen above layer 7, on the application. There's nothing in PF that can prevent an application based attack.

As for a DOS, you can rate limit some of the connections but with a proper DDoS your uplink will be completely saturated, no amount of filtering on your end of the pipe is going to change that.

atmosx · #3 September 21st, 2012, 17:33

Hello,

rate limit will work I think. I'm not sure but if httpd scripts use threads (meaning simultaneous connections) to get results asap, rate-limit is a good way to go.

Thanks for the hint

shitson · #4 September 22nd, 2012, 14:10

Are DOS attacks are problem with your site and What is your expected number of Hits per Day?

atmosx · #5 September 23rd, 2012, 10:47

Hello here are the rules that I currently use, there's a problem with dnsmasq though, it doesn't supply IP's to the local network, which might make sense... Maybe I should change that to *any* instead of *$lan*.

My httpd should not exceed 100-150 hits per day. Now receives less than 50. DOS attacks I think are not a problem, because my website is not receiving hits/notoriety of any sort so... I can hardly see it as a possible target from a bot-net or something.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Protecting HTTPd via PF	APseudoUtopia	Firewalls	6	February 6th, 2013 13:53
Panic in httpd	Paso	Web & Network Services	2	May 21st, 2010 17:37
Are there any way to add new rules to pf without write the rules to the pf.conf	tanakorn	Firewalls	2	February 8th, 2010 09:09
Help! I'm being exploited via httpd!	digitsix	General	0	February 17th, 2009 19:38
httpd.core	mfaridi	Web & Network Services	6	December 18th, 2008 05:11

The Following User Says Thank You to SirDice For This Useful Post:
atmosx (September 21st, 2012)