http://coldfusion.com logo
#water-cooler
Title
# water-cooler
n

nickg

04/28/2022, 4:44 PM
the web.config file in IIS is where a lot of this kind of filtering goes on, so that may be a place to try and filter out these odd urls (ie anything that is not www or non-www).
r

rstewart

04/28/2022, 10:15 PM
In an earlier version of our infrastructure we had rewrite rules in the IIS web.config file to explicitly deal with HTTP_HOST header spoofing to make sure that only requests for valid hosts were coming to the applications. (In our current infrastructure, all of that sort of BFM happens well before the request gets to the web server.) We cared because there was no legitimate reason to allow goofy stuff like that through and because in some cases we were using host/server names to determine what environment the application was running in. Looking at some of those you’ve noted, that sort of looks like what you’re dealing with here?
n

nickg

04/29/2022, 12:27 AM
@rstewart Yes, that sounds like what we are seeing here. It's tying up resources and we'd like to block that stuff. Can I ask you how you did it before in web.config and how you are doing it now in your current infrastructure?
e

Evil Ware

04/29/2022, 12:31 AM
Firewalls and null routing works wonders.
n

nickg

04/29/2022, 3:56 PM
@Evil Ware We use IIS. Do you know if null routing could work that way? I'm googling but it's not that clear to me.
e

Evil Ware

04/29/2022, 10:34 PM
Null routing is a nice term for not allowing the bad network to route to your protected host or network. You can do this on windows its route add X.X.X.X mask Y.Y.Y.Y Z.Z.Z.Z if 1 -p
4 Views