- To: Robert Collins <robertc@xxxxxxxxxxxxxxx>
- Subject: Re: [SLUG] blocking port 80 on firewall.
- From: mlh@xxxxxxxxxxxxxxx
- Date: Thu, 13 May 2004 11:51:43 +1000
- Cc: David Kempe <dave@xxxxxxxxxxxxxxxxxxxxx>
- Cc: slug@xxxxxxxxxxx
- Cc: Grant Parnell <gripz@xxxxxxxxxxx>
- User-agent: Mutt/1.3.28i
On Wed, May 12, 2004 at 11:07:24PM +1000, Robert Collins wrote:
> Let's be clear here:
> I'm all for blocking port 80 flat out and requiring a proxy to be used.
> In that scenario illegitimate programs fail nicely :}.
>
> I'm also very pro network IDSs combined with firewall rules to
> dynamically drop, block or interrupt sessions.
>
> None of the above lead to the damaged semantics of hijacking, and they
> allow all the monitoring and blocking you could want.
Rob,
Is there some way (the easier the better) that allows you
to do things like snooping POST'd data, or even just keeping
stats on the size of POST'd data?
Matt