Netgate Discussion Forum

    Whitelist domains on incoming WAN interface

    pfSense Packages
      rkelleyrtp

      Greetings all,

      We are using pfSense 2.3.2 as a front-end firewall to host some public web sites served by nginx.  The flow of traffic:  WAN --> pfSense --> nginx_proxy --> nginx_backend_server

      Last night, we started getting a ton of (what appeared to be) DDoS-type connections.  For some reason, HTTP requests to porn/cruft sites were directed to our external IPs, which, in turn, caused our nginx proxy server to go mad.  While we are working on configuring nginx to ignore domains that don't belong to us, we are also looking at doing this at the firewall.

      Thus, my question: how can I white list our domains at the firewall?  I looked at squid/squidguard, but they appear to be used on the LAN side and not the WAN side.

      Further, our domain list changes occasionally as we add new clients.  Thus, I need a way of automatically updating the white list (via cron?).

      Any pointers/clues?
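
For the nginx side of the question (ignoring requests for domains that are not yours, with a list that changes and is refreshed from cron), here is an added example that is not part of the original post. The list format, the `$known_host` variable name and all file paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the post. Assumptions: list format (one domain per
# line, '#' comments), the variable name $known_host, and every file path.

# render_allowlist FILE: print an nginx "map" block for the http{} context.
# Entries that are not plain hostnames are dropped and reported on stderr, so
# a typo or stray ';' in the list can never end up inside the nginx config.
render_allowlist() {
    printf 'map $host $known_host {\n    default 0;\n'
    # Strip comments and surrounding whitespace, lowercase, de-duplicate.
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
        tr 'A-Z' 'a-z' | sort -u |
        while IFS= read -r d; do
            [ -n "$d" ] || continue
            if printf '%s\n' "$d" |
                grep -Eq '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$'; then
                printf '    %s 1;\n' "$d"
            else
                printf 'skipped invalid entry: %s\n' "$d" >&2
            fi
        done
    printf '}\n'
}

# In each proxied server{} block, drop requests for unknown Host values:
#     if ($known_host = 0) { return 444; }   # 444 = close without a response
# Cron job sketch (placeholder paths): write the output to a temp file, move
# it into place, and reload only if "nginx -t" passes.

# Demo on a constructed list; the last entry is malformed on purpose.
demo_list=$(mktemp)
cat > "$demo_list" <<'EOF'
# constructed sample domains
Example.com
www.example.com
client-a.example.net   # new client
broken entry; }
EOF
render_allowlist "$demo_list"
rm -f "$demo_list"
```
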
