by usernamebias 1898 days ago
Maybe we don't filter by IP address, and instead filter requests based on known strings (or regex). That's what I'm currently doing. Ex. If request includes '.env'. Blocked!

I'd love to implement a more aggressive strategy, rather than a reactive one. I'm currently finding myself going through server logs, and adding new 'keywords' to the 'banned list'.

2 comments
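
The string filter and the manual log review described in the post, sketched as an added example (not code from the thread): it normalizes the request path before matching, then lists unmatched 404 paths requested by several distinct clients as candidates for the banned list. Only '.env' comes from the post; the other patterns, the common log format, the sample lines and the `min_clients` threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# '.env' is the post's example; the other two patterns are assumed for illustration.
DENY = [re.compile(p, re.I) for p in
        (r"(^|/)\.env(\.|$|/)", r"(^|/)\.git(/|$)", r"/wp-login\.php$")]

# Constructed sample lines in common log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2021:10:00:00 +0000] "GET /.env HTTP/1.1" 404 153
203.0.113.5 - - [01/Jan/2021:10:00:01 +0000] "GET /app/%2Eenv HTTP/1.1" 404 153
198.51.100.7 - - [01/Jan/2021:10:00:02 +0000] "GET /backup.sql HTTP/1.1" 404 153
203.0.113.5 - - [01/Jan/2021:10:00:03 +0000] "GET /backup.sql HTTP/1.1" 404 153
192.0.2.9 - - [01/Jan/2021:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 5120
192.0.2.9 - - [01/Jan/2021:10:00:05 +0000] "GET /old-page HTTP/1.1" 404 153
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def normalize(target):
    """Drop the query string, percent-decode, and collapse repeated slashes."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/+", "/", path)

def is_blocked(target):
    """True when the normalized path matches any deny pattern."""
    path = normalize(target)
    return any(p.search(path) for p in DENY)

def triage(log_text, min_clients=2):
    """Return (blocked paths, candidate paths worth reviewing) from an access log."""
    blocked, misses = [], defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, _method, target, status = m.groups()
        if is_blocked(target):
            blocked.append(normalize(target))
        elif status == "404":
            misses[normalize(target)].add(ip)
    # A missing path requested by several clients is more likely a probe than a typo.
    candidates = sorted(p for p, ips in misses.items() if len(ips) >= min_clients)
    return blocked, candidates

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Candidates are for human review before they go on the list; a popular broken link would also show up here.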

You could just use ModSecurity locally on whatever's between the internet and your web application if you insist something external like Cloudflare is out of your control

https://github.com/SpiderLabs/ModSecurity

but bogging this up at application level is not going to work in anyone's favour

Yeah, you're talking about what software like SolarWinds intrusion detection is supposed to do. How well did that work for them?