What happens to POST request method?

  • Hi,

    I am using DNSBL and this domain data.mistat.intl.xiaomi.com is blacklisted.
    Today I noticed that one of the mobile devices (from xiaomi) is uploading a lot of data to the VIP Address of the DNSBL webserver. I have an IDS system, digging deep, I found that this client is performing HTTP POST requests to the DNSBL webserver. It appears that this client is trying to upload files.

    The question is, what happens to the files that get uploaded to that VIP address? Do they get deleted immediately after closing the connection?


  • Moderator

    The DNSBL Webserver is Lighttpd, and there is no upload options enabled in the configuration....


    Also the DNSBL VIP should be listening to a LAN interface? Which interface did you select?
    I haven't see this behavior, so if you find something in your testing, let me know. Thanks!

  • I am really not experienced in this, but looking at the pcap files I see the DNSBL Webserver ends the connection with

    DST: HTTP/1.1 200 OK
    DST: Cache-Control: private, no-store, no-cache, must-revalidate, max-age=0

    I guess it does not store any data on pfsense, otherwise the pfsense box would run out of storage in minutes.
    I can say that this has no effect on the firewall itself (other than the processing power), however, it could actually saturate the local bandwidth because I've seen that one device uploading around 300MB in a couple of minutes.

    Of course I can set up limiters, but why not prevent that client from uploading in the first place?
    So, is there a way to allow clients to perform only GET request from the DNSBL webserver? since they shouldn't be uploading anything really (again, I am really not experienced and I even don't know if this is a valid approach).

    The VIP address is configured to listen to a LAN interface.

    Other than that, the pfBlockerNG is working great and it's awesome.


Log in to reply