nanog mailing list archives
Re: Newbie Questions: How-to monitor/control unauthorized uses of our IPs and DNS zones?
From: William Herrin <bill () herrin us>
Date: Mon, 23 Aug 2021 09:51:28 -0700
On Thu, Aug 19, 2021 at 7:47 AM Bill Woodcock <woody () pch net> wrote:
> > 4. Does that mean I need a big Web Application Firewall (WAF)
>
> Absolutely not. I have no idea what a Web Application Firewall is, but if it’s anything like it sounds like, I wouldn’t let one anywhere near anything I was responsible for securing.

Hi Bill,

A WAF is a filtering reverse-web proxy. It can sanitize incoming requests to obstruct hacking against the web server. It's often used for TLS offload as well since it must decrypt the traffic anyway. You give the "real" web server RFC 1918 addresses and put a WAF on the public IP addresses. It also tends to break web sockets, so there's a capability penalty if you use one.

A WAF is the second-best answer to Pirawat's problem since it can filter web requests which arrive without an acceptable "Host" header, corresponding to the DNS name the browser used.

The best answer is: don't do that. If you have such little trust for your web staff, replace them with trustworthy people.

Regards,
Bill Herrin

--
William Herrin
bill () herrin us
https://bill.herrin.us/
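
The Host-header filtering described in the message above, sketched as an added example (not part of the original post and not any WAF product's code): a request is accepted only when it carries exactly one Host header naming a site in the allowlist. The allowlist contents, the function names and the list-of-header-lines input format are assumptions made for illustration.

```python
# Added example: Host-header allowlisting as a filtering proxy might apply it.
# ALLOWED_HOSTS is a constructed allowlist (assumption), not from the post.
ALLOWED_HOSTS = {"www.example.edu", "example.edu"}


def normalize_host(value):
    """Return the lowercase hostname from a Host value, or None if malformed."""
    value = value.strip()
    if not value or any(c in value for c in " \t/@#?\\,"):
        return None
    if value.startswith("["):  # IPv6 literal such as [2001:db8::1]:443
        end = value.find("]")
        if end == -1:
            return None
        host, rest = value[:end + 1], value[end + 1:]
    else:
        host, sep, port = value.partition(":")
        rest = sep + port
    if rest:  # anything after the host must be ":<port>"
        port = rest[1:]
        if rest[0] != ":" or not (port.isascii() and port.isdigit()):
            return None
        if len(port) > 5 or int(port) > 65535:
            return None
    return host.rstrip(".").lower() or None


def check_request(header_lines):
    """Return (allowed, detail) for a list of raw 'Name: value' header lines."""
    hosts = []
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            hosts.append(value)
    if not hosts:
        return False, "missing Host"
    if len(hosts) > 1:
        return False, "duplicate Host"
    host = normalize_host(hosts[0])
    if host is None:
        return False, "malformed Host"
    if host not in ALLOWED_HOSTS:
        return False, "Host not served here"
    return True, host
```

A DNS name that someone else has pointed at the server's address falls into the "Host not served here" case, as does a request made to the bare IP address.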