Oct. 09, 2004, 07:12 PM
geriatric;
Your latest topic was stolen by the Forum software. I just checked, and I didn't see any evidence of an Admin doing anything with it, so I have to assume that Invision, the software we use for this forum, absconded with it. [angry] As best as I can, I'll try to answer you here and now, and hopefully, the software won't be making any more unilateral decisions about what's a good topic, and what gets the hammer. (I'm still po'd - that's 15 minutes of my life I could have spent better than to have it thrown out by crappy software! grrrr!! [angry])
To recap - you asked if you could institute a general filter to keep members of your uber list from getting in. The short answer is yes, but as usual, there are a few caveats.
The first approximation is that you merely set a filter to have no match in the URL field, to use your list in the Match field, and to leave the Replace field blank. Short, and definitely not sweet. Crude is the word that comes to mind. Works, but needs more..... finesse.
You could also use an outbound header filter to make the same comparison, and use a \k in the Replace field. Both methods should have the same results, but they might take a different amount of time to accomplish their mission. You'll have to try it each way and see what works best.
The main caveat will be, what happens if you allow a page to load with what looks like a friendly site (not on the list), and the browser goes out to get it. Only thing is, that legitimate-sounding site is really just a re-direct site. It will not tell you that you're being redirected, it will simply pass the request along, and voila! You are now officially right back where you didn't wanna be in the first place - your panties are down around your ankles. :o
The Holy Grail of Proxo-dom is to extract the host name from the inbound header, and compare that to a list. Sadly, this doesn't seem to work as advertised, at least not reliably for everybody. Some forum members here say that it works, others say nay. All of those nay-sayers are very highly respected forum members, users, and filter-writers. Until they have good reason to stop objecting, I'm gonna have to side with them. If it ain't reliable, then it ain't ready for prime time.
Don't let this impede you in any way. With some well thought-out filters, you can prevent 99% of the bad guys from ever getting in. Just be aware that 1% of them are smarter than the average bear, and will find ways to get around your filters - at least until you discover the damage, and tighten up your own security screens. That very facet of filter writing is why this board exists. We trade information all the time about how to screen out crap, while letting desirable content get in. Just keep reading these topics, and use the Search Assistant when needed. You'll soon enough get the hang of it. After all, I did!
BTW, FWIW, about that re-direct thing? Even if you could extract the host name reliably every time from the inbound header, you'd still have to take the time to make the comparison against your list. And to top it all off, you might recall that many sites across the 'net use their numerical addresses in their response headers! Your uber list just took a large hit in terms of size and processing time, me bucko.
IMNSHO, no matter how sophisticated your filters might be, the chances are vanishingly small that you'd ever approach the sheer speed and elegance of a mediocre hardware firewall. I use an older Netgear router for just this purpose. You want Stateful Packet Inspection. If the box doesn't use that term, just make sure the description says that incoming headers have to match a previous outgoing header, or else they are discarded. This will take care of that troublesome 1% of the smart clowns.
This was all done from memory - I hope I wasn't out in left field!!!
Oddysey
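
The redirect and numerical-address caveats from the post above, as an added example that is not part of the original post and is not Proxomitron filter syntax: a blocklist check applied to every hop of a redirect chain, with list entries for both host names and address ranges. The hosts, the redirect table and the function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample list: names plus an address range (documentation-reserved values).
BLOCKED_HOSTS = {"ads.example.net", "tracker.example.org"}
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed stand-in for the Location: headers a real fetch would return.
REDIRECTS = {
    "http://friendly.example.com/go": "http://203.0.113.7/landing",
    "http://hop.example.com/a": "http://hop.example.com/b",
    "http://hop.example.com/b": "http://ADS.example.net./banner",
    "http://loop.example.com/x": "http://loop.example.com/x",
}

def host_of(url):
    """Host part of a URL, lower-cased, without port or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_blocked(host):
    """True if host is a listed name, a subdomain of one, or an address in a listed range."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Not a numerical address: test the name and each parent domain.
        parts = host.split(".")
        return any(".".join(parts[i:]) in BLOCKED_HOSTS for i in range(len(parts)))
    return any(addr in net for net in BLOCKED_NETS)

def check_chain(url, max_hops=5):
    """Walk the redirect chain and check every hop, not just the first URL.

    Returns (verdict, hops); verdict is 'allow', 'block' or 'too-many-redirects'.
    """
    hops = []
    for _ in range(max_hops + 1):
        hops.append(url)
        if is_blocked(host_of(url)):
            return "block", hops
        nxt = REDIRECTS.get(url)
        if nxt is None:
            return "allow", hops
        url = nxt
    # Fail closed on loops or very long chains.
    return "too-many-redirects", hops

if __name__ == "__main__":
    for start in ("http://friendly.example.com/go", "http://hop.example.com/a",
                  "http://plain.example.com/", "http://loop.example.com/x"):
        print(start, "->", check_chain(start))
```

A check that looks only at the first URL would pass `friendly.example.com` and `hop.example.com`; both are caught here at a later hop, the first one only because the list also carries an address range.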