IFilter to filter out mischievous requests


Jan Limpens

Feb 8, 2010, 11:03:17 AM
to castle-project-users
I was thinking about making a filter for filtering out all those stupid robot hacking requests we are getting.

1) does this already exist somewhere?
2) Is this a good idea at all, or should this happen at another layer?
3) If I need to impl this - are there good libraries around to help me identify xss, sql injection, etc... requests?

Thanks!

--
Jan

Mauricio Scheffer

Feb 8, 2010, 12:31:16 PM
to Castle Project Users
I'm not a security expert, but IMHO an IFilter could only be the *last* line of defense. Before the request really reaches your app you could have an apache+mod_security proxy, and then some ISAPI filters to blacklist some user-agents ( http://www.tacticaltechnique.com/bots/blacklisting-via-iirf/ ) or reject certain URL patterns ( http://kartones.net/blogs/kartones/archive/2008/05/27/iirf-a-decent-url-rewriter-isapi-filter.aspx ).

Also take a look at AQTRONIX WebKnight, haven't tried it but looks
good ( http://www.aqtronix.com/?PageID=99 )

BTW your app should be by itself resistant to sql injection attacks.

It would also be cool to have something like asp.net mvc's
AntiForgeryToken (
http://blog.stevensanderson.com/2008/09/01/prevent-cross-site-request-forgery-csrf-using-aspnet-mvcs-antiforgerytoken-helper/
) in MonoRail.

Cheers,
Mauricio

Jan Limpens

Feb 8, 2010, 1:37:06 PM
to castle-pro...@googlegroups.com
On Mon, Feb 8, 2010 at 3:31 PM, Mauricio Scheffer <mauricio...@gmail.com> wrote:

> BTW your app should be by itself resistant to sql injection attacks.

It is, just these attacks generate a considerable amount of peak load sometimes, and if I could just filter them out with some matching, I could avoid that altogether.

Thanks for the list! I'll investigate into this...

--
Jan

John Simons

Feb 8, 2010, 4:11:29 PM
to castle-pro...@googlegroups.com
Jan, if you can figure out the URL pattern that the robots use, you should be able to configure route patterns to handle the robots.

Cheers John

Jan Limpens

Feb 8, 2010, 5:24:41 PM
to castle-pro...@googlegroups.com
There are so many different robots, all of them using all possible PHP exploits on my MR pages; it is almost amusing to see how easy it must be to hack a lot of sites out there. If there is a pattern, I'd rather have some security-minded folk taking care of this than me trying to figure that out...
But you are right, routes could be an option. One could persist and then redirect unsuccessful controller/action combos, which then would not even touch a more resourceful controller/action.
--
Jan
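An added example of the kind of "last line of defense" IFilter the thread discusses; it is not code from the thread or from the Castle project. It assumes the MonoRail 2.0 IFilter signature and the IRequest/IResponse member names shown, and the probe paths are a constructed list, not a recommended blacklist:

```csharp
using System.Diagnostics;
using System.Net;
using System.Text.RegularExpressions;
using Castle.MonoRail.Framework;

// Runs before the action; returning false stops the request so the real
// controller code (views, database work) is never reached for a probe.
public class ProbeRequestFilter : IFilter
{
    // Constructed list: paths this MonoRail app never serves but automated
    // scanners request constantly. Anchored, compiled once, and matched on
    // the path only (query string ignored) so the check stays cheap.
    private static readonly Regex ProbePath = new Regex(
        @"\.(php\d?|cgi|pl)$|/phpmyadmin/|/wp-(admin|login)|/xmlrpc\.php",
        RegexOptions.IgnoreCase | RegexOptions.Compiled);

    // Assumed MonoRail 2.0 signature; older versions use a different one.
    public bool Perform(ExecuteWhen exec, IEngineContext context,
                        IController controller, IControllerContext controllerContext)
    {
        // Assumed IRequest members; names vary between MonoRail versions.
        string path = context.Request.Uri.AbsolutePath;
        if (!ProbePath.IsMatch(path))
            return true; // normal request, let the action run

        // Log enough to correlate with proxy/IIS logs; never echo the request body.
        Trace.TraceWarning("probe request blocked: {0} {1} from {2}",
            context.Request.HttpMethod, path, context.Request.UserHostAddress);

        // Answer cheaply and identically for every probe: no redirect, no view.
        context.Response.StatusCode = (int)HttpStatusCode.NotFound;
        context.Response.Write("Not found");
        return false; // stop processing here
    }
}

// Attach it to a controller, or to a common base controller so every action gets it.
[Filter(ExecuteWhen.BeforeAction, typeof(ProbeRequestFilter))]
public class HomeController : SmartDispatcherController
{
    public void Index() { }
}
```

Only requests that are routed to a MonoRail controller pass through this filter; anything IIS or ASP.NET handles before that point (and that is where most ".php" probes land by default) is better dealt with by the proxy or ISAPI layers mentioned earlier in the thread.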