Re: [squid-users] Squid as a web application firewall

From: Jose Ildefonso Camargo Tolosa <ildefonso.camargo_at_gmail.com>
Date: Sun, 22 Jun 2008 12:53:05 +1930

Hi!

On Sun, Jun 22, 2008 at 10:26 AM, howard chen <howachen_at_gmail.com> wrote:
> Hi all,
>
> I am not sure if anyone has thought about this before.
>
> Consider a traditional setup for today's web applications:
>
>
> User <==> Squid(s) <==> Apache(s) <==> MySQL / Memcached / NFS
>
>
> Currently I have mod_security installed on every Apache to prevent
> attacks such as SQL Injection, XSS etc.
>
> Sure, as a web application firewall, you would need more features than
> mod_security currently provides, e.g.
>
> 1. rate-limiting, e.g. limit your user from accessing register.cgi to
> not more than 1 time per minute (against spam or application level
> DOS)
> 2. Block user by IP, subnet
> 3. Block by request header, e.g. UA, cookie

I must assume by "user" you mean "browser/computer accessing the
application", not an "application authenticated" user.

for 1: maybe iptables + l7filter ( http://l7-filter.sourceforge.net/ ).
for 2: iptables, yup, plain iptables.
for 3: not sure... but maybe iptables + l7filter too.

>
> Of course I am not going to ask to merge all these features into squid,
> but I want to ask if it is feasible to develop all these features as an
> external program, and squid will pass the needed info to a program
> similar to a redirector (or maybe just using the redirector concept).
>
> I am just not sure if it is suitable to perform all these actions at
> squid layer.
>
> Howard
>

Ildefonso.
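Howard's question is whether the three features (rate-limiting register.cgi, blocking by IP/subnet, blocking by request header) could live in an external program that Squid feeds request data to, much like a redirector. Squid's external ACL helper interface does exactly that: Squid writes one line per request containing the format tokens named in `external_acl_type`, and the helper answers `OK` or `ERR`. The helper below is an added illustration written for this archive page; it is not code from the thread, from Squid, or from mod_security. The `squid.conf` lines in the docstring, the blocked networks, the bot User-Agent string and the rate-limit values are all constructed placeholders, and it assumes Squid sends the three tokens space-separated with the User-Agent as the remainder of the line (some Squid versions URL-encode header values; decode with `urllib.parse.unquote` if yours does).

```python
"""Squid external_acl_type helper: rate limit, IP/subnet block, User-Agent block.

Assumed squid.conf wiring (constructed for this example, not from the thread):

  external_acl_type waf ttl=0 negative_ttl=0 %SRC %PATH %{User-Agent} /usr/local/bin/waf_helper.py
  acl waf_check external waf
  http_access deny !waf_check

ttl=0 makes Squid ask the helper for every request instead of caching the
answer; without concurrency= each line is exactly "<src> <path> <user-agent>".
"""
import ipaddress
import sys
import time
from collections import deque

# Constructed policy values; replace with your own.
BLOCKED_NETS = [
    ipaddress.ip_network("192.0.2.0/24"),      # documentation range, placeholder subnet
    ipaddress.ip_network("203.0.113.7/32"),    # placeholder single host
]
BLOCKED_UA_SUBSTRINGS = ["evilspambot"]        # constructed bot marker, matched case-insensitively
# path -> (max requests, window in seconds): at most 1 hit per 60 s per client IP
RATE_LIMITED_PATHS = {"/register.cgi": (1, 60)}


class Policy:
    """Stateful decision engine; `now` is injectable so the logic is testable."""

    def __init__(self, now=time.time):
        self.now = now
        self.history = {}  # (client ip, path) -> deque of accepted request timestamps

    def _ip_blocked(self, src):
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            return True  # unparsable source address: fail closed
        return any(addr in net for net in BLOCKED_NETS)

    def _ua_blocked(self, user_agent):
        ua = user_agent.lower()
        return any(marker in ua for marker in BLOCKED_UA_SUBSTRINGS)

    def _rate_limited(self, src, path):
        limit = RATE_LIMITED_PATHS.get(path)
        if limit is None:
            return False
        max_hits, window = limit
        now = self.now()
        hits = self.history.setdefault((src, path), deque())
        # Drop timestamps that have aged out of the sliding window.
        while hits and hits[0] <= now - window:
            hits.popleft()
        if len(hits) >= max_hits:
            return True
        hits.append(now)  # only accepted requests count against the limit
        return False

    def decide(self, src, path, user_agent):
        """Return "ERR" (deny) or "OK" (allow) for one request."""
        if self._ip_blocked(src) or self._ua_blocked(user_agent):
            return "ERR"
        if self._rate_limited(src, path):
            return "ERR"
        return "OK"


def parse_request_line(line):
    """Split "<src> <path> <user-agent ...>" into its three fields, or None if malformed."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        return None
    src, path = parts[0], parts[1]
    user_agent = parts[2] if len(parts) == 3 else ""
    return src, path, user_agent


def handle_line(line, policy):
    """One helper round-trip: a malformed line is denied rather than allowed."""
    fields = parse_request_line(line)
    if fields is None:
        return "ERR"
    return policy.decide(*fields)


def main():
    policy = Policy()
    for line in sys.stdin:
        sys.stdout.write(handle_line(line, policy) + "\n")
        sys.stdout.flush()  # Squid waits for the answer; never buffer it


if __name__ == "__main__":
    main()
```

The helper fails closed on unparsable input, and only accepted requests count toward the register.cgi limit, so a client that is already being denied cannot extend its own lockout. Squid starts several helper processes (`children=`), each with its own `history`, so for a strict per-IP limit across all of them the counters would need to live in shared storage such as a small database or a memcached instance. This does not replace mod_security's request-body inspection; it covers the three extra controls Howard lists, and it keeps the same division of labour as the iptables suggestions, just at the HTTP layer where the path and User-Agent are visible.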
Received on Sat Jun 21 2008 - 17:23:11 MDT