Re: [CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables

On Wed, Aug 31, 2011 at 12:17 PM, John R Pierce pierce@hogranch.com wrote:

...

Wrong. Some can be determined by machine searching for 'known' invalid URL strings which are not remotely similar to valid web page names.

there's an infinite number of invalid strings, and only a finite number of valid ones.

anyways, your webserver already filters these out, its not going to respond to an invalid URL with anything other than '404'.  thats its job.

The idea isn't as crazy as it sounds - expensive firewalls offer the option to block URLs including known exploits and it is a much faster way to protect a farm of servers behind it than waiting for the OS vendor to come up with a service pack to make the servers less vulnerable.