Hi Yash,

>
> The thing which is worrying me is that I am getting thousands of hits every day
> to my server, which I don't want.

I assume you have a leased line and are maintaining the webservers yourself.
The packets from the Internet have already reached your server, so if you
use ipchains/iptables/any firewall within the same network just ahead of
the webserver, your bandwidth has already been wasted, as the packets
(requests) have already travelled on your leased line before reaching your
webserver. Any such protection will only lower load on your webserver and
shift it to your firewall system.

> Is it possible that we block such requests in iptables itself?
> Right now my default rule is ACCEPT for INPUT, OUTPUT, FORWARD.
> I read somewhere on the net that it is possible in Cisco routers.
> So there is a great possibility of the same in Linux too.
>

Blocking would require that you know the IP addresses of the systems you want
to block. The malicious packets are in the Application layer. You need an L5
switch/firewall to filter these out before they reach your webserver (could
prove to be damn expensive).

I would suggest you treat them as potholes on the Indian roads. They will
always be there; removing all is too expensive.

So in my view you are stuck.

> I am sure that some people here must be using some trick to avoid such
> connections.
>

If you are able to find out a cheap solution, please do let me know.

> reading...
>


Regards
Kapil Sethi
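
The message above says that blocking in iptables requires knowing the source addresses. As an added example (not part of the original message), this sketch counts requests for an unwanted path per client address in a constructed access log and prints DROP rules for addresses at or above a threshold. The function names, the `/unwanted` path, the threshold and the log lines are assumptions; as the message notes, such rules relieve only the webserver, not the leased line.

```shell
#!/bin/sh
# Added example: derive iptables DROP rules from a web access log.
# Rules are printed for review, not applied.

# Constructed sample in Apache common log format (documentation-range IPs).
sample_log() {
cat <<'EOF'
198.51.100.7 - - [10/Oct/2003:13:55:36 +0530] "GET /unwanted HTTP/1.0" 404 276
198.51.100.7 - - [10/Oct/2003:13:55:37 +0530] "GET /unwanted HTTP/1.0" 404 276
192.0.2.44 - - [10/Oct/2003:13:55:40 +0530] "GET /index.html HTTP/1.0" 200 5120
203.0.113.9 - - [10/Oct/2003:13:56:01 +0530] "GET /unwanted HTTP/1.0" 404 276
198.51.100.7 - - [10/Oct/2003:13:56:02 +0530] "GET /unwanted HTTP/1.0" 404 276
203.0.113.9 - - [10/Oct/2003:13:56:10 +0530] "GET /index.html HTTP/1.0" 200 5120
192.0.2.44 - - [10/Oct/2003:13:57:12 +0530] "GET /about.html HTTP/1.0" 200 2048
EOF
}

# block_rules THRESHOLD PATTERN
# Reads a common-format access log on stdin. Counts, per client address,
# the requests whose path matches PATTERN (an awk regex) and prints one
# DROP rule for each address with at least THRESHOLD such requests.
block_rules() {
    threshold=$1
    pattern=$2
    awk -v min="$threshold" -v pat="$pattern" '
        # Field 1 is the client address, field 7 the requested path.
        # Only dotted-quad addresses are accepted, so a hostname or a
        # malformed first field never ends up inside a firewall command.
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && $7 ~ pat { hits[$1]++ }
        END {
            for (ip in hits)
                if (hits[ip] >= min)
                    printf "iptables -A INPUT -s %s -p tcp --dport 80 -j DROP\n", ip
        }' | sort
}

# Show the rules for sources with three or more unwanted requests.
sample_log | block_rules 3 '^/unwanted'
```
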



_______________________________________________
ilugd mailing list
http://frodo.hserus.net/mailman/listinfo/ilugd