Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 2 subscribers
  • Views 6945 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Best way to block a host attempting multiple url's on the WAF?

Louis-M

We have a host that is fairly persistent in trying various URL's on our WAF. Obviously not getting through but should we just leave it at that?

Or should we attempt to block or blackhole if even possible at all???



This thread was automatically locked due to age.
  • 0

    Louis, as #2 in Rulz indicates, the solution is a blackhole DNAT.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hi Bob,

    I was looking at that and was going to give it a shot.

    Rule #2 is extremely important but I think it can get lost in the way it is presented in the rulz doc. I think it would be better if it was presented number wise eg 1. 2. 3. each on a different line

    It's probably the biggest gotcha out the lot when it comes to the FW and the proxy as the forum is littered with posts about traffic getting through/not being blocked when in fact its a mis-configuration issue due to not taking into account rule 2

Unfiltered HTML