Whitelist domains on incoming WAN interface
We are using pfSense 2.3.2 as a front-end firewall to host some public web sites served by nginx. The flow of traffic: WAN –> pfSense --> nginx_proxy --> nginx_backend_server
Last night, we started getting a ton of (what appeared to be) DDOS type connections. For some reason, http requests to porn/cruft sites were directed to our external IPs, which in turn, caused our nginx proxy server to go mad. While we are working on configuring nginx to ignore domains that don't belong to us, we are also looking at doing this at the firewall.
Thus, my question: how can I white list our domains at the firewall? I looked at squid/squidguard, but they appear to be used on the LAN side and not the WAN side.
Further, our domain list changes occasionally as we add new clients. Thus, I need a way of automatically updating the white list (via cron?).