Message Board

Bugs & Development

Older Posts ]   [ Newer Posts ]
 Honeypot managed to block our reverse proxy
Author: D.-6   (17 Jul 15 7:32pm)
Like many server admins who suffer from congestion, we decided to use a two-pronged approach. Http:bl to block spurious requests and spammers, and a caching proxy in front of our main services to speed up access times. Is there a way of running http:bl through something other than Apache or the web application itself? Because the ideal scenario here is that the caching proxy performs all of the operations related to access control, including querying project honeypot. But mod-security, which at one point was capable of using honeypot as a blacklist, isn't stable when run with nginx and keeps crashing. So afaik we're SOL for running http:bl on the caching server. We were running it on the main services instance using a drupal plugin, but then it blocked our proxy server. So that was awkward. I know X-FORWARDED-FOR can't be trusted, but surely it would be enough to give administrators an option to allow a specific IP and when connections originate from that IP, then and only then to trust the X-FORWARDED-FOR header?

So we have had to disable http:bl for now, unfortunately.
 
 Re: Honeypot managed to block our reverse proxy
Author: P.Buonopane   (7 Jun 18 1:20am)
With Nginx, you should be using this: https://nginx.org/en/docs/http/ngx_http_realip_module.html It will allow you to whitelist one level of X-Forwarded-For addresses when it comes from your reverse proxy, which will allow you to securely pass the IP address without risking abuse of the header.



do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Cloudflare Site Protection | Contact Us

Copyright © 2004–18, Unspam Technologies, Inc. All rights reserved.

contact | wiki | email