Hi, I run a personal https at home with no official certificate. The hostname I use is a dynamic dns hostname. Apache/2.4.9 OpenSSL/1.0.1e-fips PHP/5.5.12 SVN/1.8.8 mod_perl/2.0.9-dev Perl/v5.18.2
On ssl_request I see a couple of entries like this: TLSv1 DHE-RSA-AES256-SHA "GET /vtigercrm/ HTTP/1.1" 287 TLSv1 DHE-RSA-AES256-SHA "GET /vtigercrm/vtigerservice.php HTTP/1.1" 304 TLSv1 DHE-RSA-AES256-SHA "GET /vtigercrm/graph.php?current_language=../../../../../../../..//etc/elastix.conf%00&module=Accounts&action HTTP/1.1" 296 TLSv1 DHE-RSA-AES256-SHA "GET /vtigercrm/ HTTP/1.1" 287 from undesired clients. Is there a way to limit the IPs of clients that http/https queries can come from?
