[thelist] 404 a Whole Sub-Domain
Ken Schaefer
Ken at adOpenStatic.com
Sat Sep 1 06:35:49 CDT 2007
Whilst being paranoid is a good thing, I don't see how (1) affects your situation.
Whilst IP addresses can be spoofed, the sending of a packet with a spoofed IP address will never get a response from your server (because the server will send the response back to the spoofed source IP, not the sender's actual IP address). So what use is a spoofed IP address? It can be used to send a one-packet payload that might compromise your server, or it can be used to cause a DoS attack by opening TCP connections that the server isn't going to timeout quickly enough, or if the attacker can also hack routers, they may be able to have a response routed back to them (not usually an issue on the public internet).
Cheers
Ken
-----Original Message-----
From: thelist-bounces at lists.evolt.org [mailto:thelist-bounces at lists.evolt.org] On Behalf Of Jon Molesa
Sent: Thursday, 30 August 2007 10:56 AM
To: thelist at lists.evolt.org
Subject: Re: [thelist] 404 a Whole Sub-Domain
Answer
1) Because IP's can be and are spoofed.
or
2) Because I'm paranoid. :-)
Basically the parking page confirms that a site exists at that address
even though I have
deny all
in .htaccess. The welcome.conf on Redhat is has priority over .htaccess
for no default index. I want to override that.
*On Wed, Aug 29, 2007 at 04:40:59PM -0700 Brady Mitchell <mydarb at gmail.com> wrote:
> Date: Wed, 29 Aug 2007 16:40:59 -0700
> From: "Brady Mitchell" <mydarb at gmail.com>
> To: "thelist at lists.evolt.org" <thelist at lists.evolt.org>
> Subject: Re: [thelist] 404 a Whole Sub-Domain
>
> > I'm looking for a way to 404 a whole sub-domain.
> >
> > I'm setting up a webservice on the sub-domain for internal use. I've
> > got traffic deny except for a particular IP in .htaccess. I have a
> > default page setup in /etc/http/conf.d/welcome.conf as a parking page.
> > I either need to overide that, or just create an index.html that spits
> > out 404 headers.
>
> I must not be understanding the problem properly. If you're denying
> access to all but the one IP address that you want to have access to
> this system, why do you need the additional 404?
>
> Brady
> --
>
> * * Please support the community that supports you. * *
> http://evolt.org/help_support_evolt/
>
> For unsubscribe and other options, including the Tip Harvester
> and archives of thelist go to: http://lists.evolt.org
> Workers of the Web, evolt !
--
Jon Molesa
rjmolesa at consoltec.net
if you're bored or curious
http://rjmolesa.com
--
* * Please support the community that supports you. * *
http://evolt.org/help_support_evolt/
For unsubscribe and other options, including the Tip Harvester
and archives of thelist go to: http://lists.evolt.org
Workers of the Web, evolt !
More information about the thelist
mailing list