Post Reply 
Replying to geriatric's stolen topic.....
Oct. 09, 2004, 07:12 PM
Post: #1

Your latest topic was stolen by the Forum software. I just checked, and I didn't see any evidence of an Admin doing anything with it, so I have to assume that Invision, the software we use for this forum, absconded with it. [angry] As best as I can, I'll try to answer you here and now, and hopefully, the software won't be making any more unilateral decisions about what's a good topic, and what gets the hammer. (I'm still po'd - that's 15 minutes of my life I could have spent better than to have it thrown out by crappy software! grrrr!! [angry])

To recap - you asked if you could institute a general filter to keep members of your uber list from getting in. The short answer is yes, but as usual, there are a few caveats.

The first approximation is that you merely set a filter to have no match in the URL field, to use your list in the Match field, and to leave the Replace field blank. Short, and definitely not sweet. Crude is the word that comes to mind. Works, but needs more..... finesse.

You could also use an outbound header filter to make the same comparison, and use a \k in the Replace field. Both methods should have the same results, but they might take a different amount of time to accomplish their mission. You'll have to try it each way and see what works best.

The main caveat will be, what happens if you allow a page to load with what looks like a friendly site (not on the list), and the browser goes out to get it. Only thing is, that legitimate-sounding site is really just a re-direct site. It will not tell you that you're being redirected, it will simply pass the request along, and voila! You are now officially right back where you didn't wanna be in the first place - your panties are down around your ankles. :o

The Holy Grail of Proxo-dom is to extract the host name from the inbound header, and compare that to a list. Sadly, this doesn't seem to work as advertised, at least not reliably for everybody. Some forum members here say that it works, others say nay. All of those nay-sayers are very highly respected forum members, users, and filter-writers. Until they have good reason to stop objecting, I'm gonna have to side with them. If it ain't reliable, then it ain't ready for prime time.

Don't let this impede you in anyway. With some well thought-out filters, you can prevent 99% of the badguys from every getting in. Just be aware that 1% of them are smarter than the average bear, and will find ways to get around your filters - at least until you discover the damage, and tighten up your own security screens. That very facet of filter writing is why this board exists. We trade information all the time about how to screen out crap, while letting desirable content get in. Just keep reading these topics, and use the Search Assistant when needed. You'll soon enough get the hang of it. After all, I did! Big Teeth

BTW, FWIW, about that re-direct thing? Even if you could extract the host name reliably every time from the inbound header, you'd still have to take the the time to make the comparison against your list. And to top it all off, you might recall the many sites across the 'net use their numerical addresses in their reponse headers! Your uber list just took a large hit in terms of size and processing time, me bucko.

IMNSHO, no matter how sophisticated your filters might be, the chances are vanishingly small that you'd ever approach the sheer speed and elegance of a mediocre hardware firewall. I use an older Netgear router for just this purpose. You want Stateful Packet Inspection. If the box doesn't use that term, just make sure the description says that incoming headers have to match a previous outgoing header, or else they are discarded. This will take care of that troublesome 1% of the smart clowns.

This was all done from memory - I hope I wasn't out in left field!!!


I'm no longer in the rat race - the rats won't have me!
Add Thank You Quote this message in a reply
Oct. 09, 2004, 07:50 PM
Post: #2
Is it this topic?

No Expression
Visit this user's website
Add Thank You Quote this message in a reply
Oct. 10, 2004, 05:01 AM
Post: #3

Nope, sorry to say, that 'tweren't it. My best guess is that geriatric had some sort of problem when he went to reply to that topic, the one you linked. He then started another thread, carrying on from there. I was able to read his new thread, and was writing my reply to it. You know I always use Preview Post before I actually hit the Add Reply button, right? Well, I had done that not once, but twice, and with no problems. However, after my third edit, I went to Preview, and I got a Board Message saying that there was some kinda problem, and would I please be so kind as to stop my sniveling.

I was so furious that I almost tore the last two remaining hairs right outta my scalp!

I searched high and low, and couldn't find any trace of it ever having existed. I didn't see where anybody with Admin powers could have erased it, let alone merely moved it, so I'm at a total loss. I just don't know what to say, except that I'd like to see what's behind Door Number 2 please, Monty! <_<

If it happens again, I'll PM you with the gory details. But if it only happens once every six months, then I guess it was just my turn in the barrel, and I should be grateful, eh? No Expression

Ciao for now.


p.s. For those of you who are thinking "why didn't he just retrieve it from his cache"..... Shame on you. Think, mensch - how does the cache store things it gets? By filename, yes indeedy, that was worth $32 dollars. Thank you, contestant. Now for the $64 question. Quickly, can you tell me the name of this very page you are reading? That's right, it's the exact bleepin' same filename as every other page here at the forums, thanks in no small part to In-excusable-Vision. Aarrgghh!!

I'm no longer in the rat race - the rats won't have me!
Add Thank You Quote this message in a reply
Post Reply 

Forum Jump: