Blocking/dropping inbound web requests that don't belong to us
-
Greetings all,
(Please feel free to move this to the right forum if needed.)
I have pfSense 2.2.6 running in front of an nginx reverse proxy server which eventually leads to a back-end web server. Recently, the web server became compromised, and our public IP is now on some sort of world-wide Transparent Proxy list. As a result, the nginx proxy server has been getting hammered with hundreds/thousands of requests for sites we don't host. I am hoping we can block this at the firewall level to alleviate the load on the proxy server.
Is there some sort of tool I can run on pfSense that will inspect incoming http traffic and drop/reject it before getting to the back-end proxy server? I just want requests for sites we host to flow to the proxy server.
Thanks for any pointers.
-
Packets have your public IP for the destination address, but the contents of the packet point at a different location?
Squid may have the ability to do this.
-
nginx is so good at its job of being a proxy, that nginx is probably the best place to filter your requests. Any other package that you use to filter it will make it slower.
And I'm not sure what issue you're describing. nginx is a reverse proxy, not a normal proxy. Completely different. You can't access the "Internet" through a reverse proxy, you can only access preconfigured sites.
If you want, redirect them to https://www.fbi.gov/ or something.
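
One way to do the filtering in nginx itself, as suggested in the last reply (an added example, not part of the original thread): a catch-all server drops every request whose host is not one of the hosted sites, so only known names reach the back end. The hostnames, back-end address and log path are placeholders.

```nginx
# Added example. example.com, 192.0.2.10 and the log path are placeholders.

# Catch-all: nginx selects this block when the Host header (or the host in an
# absolute request URI such as "GET http://other.example/ HTTP/1.1") matches
# none of the server_name entries further down.
server {
    listen 80 default_server;
    server_name _;

    # Separate log keeps the unwanted requests out of the real sites' logs.
    access_log /var/log/nginx/unknown_host.log;

    # 444 is nginx-specific: close the connection without sending a response.
    return 444;
}

# Same idea for TLS (nginx 1.19.4 or later): refuse the handshake when the
# SNI name is not one of ours, so no certificate is needed for the catch-all.
server {
    listen 443 ssl default_server;
    server_name _;
    ssl_reject_handshake on;
}

# Sites actually hosted: only these names are proxied to the back end.
server {
    listen 80;
    server_name example.com www.example.com;

    location / {
        proxy_pass http://192.0.2.10:8080;   # placeholder back-end server
        proxy_set_header Host $host;
    }
}
```

Without an explicit `default_server`, nginx treats the first `server` block on a listen address as the default, so unknown hosts would otherwise be proxied as if they were the first configured site.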