Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    What happens to POST request method?

    pfBlockerNG
    2
    3
    172
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • 3
      3freet
      last edited by

      Hi,

      I am using DNSBL and this domain data.mistat.intl.xiaomi.com is blacklisted.
      Today I noticed that one of the mobile devices (from xiaomi) is uploading a lot of data to the VIP Address of the DNSBL webserver. I have an IDS system, digging deep, I found that this client is performing HTTP POST requests to the DNSBL webserver. It appears that this client is trying to upload files.

      The question is, what happens to the files that get uploaded to that VIP address? Do they get deleted immediately after closing the connection?

      Thanks.

      1 Reply Last reply Reply Quote 0
      • BBcan177B
        BBcan177 Moderator
        last edited by BBcan177

        The DNSBL Webserver is Lighttpd, and there is no upload options enabled in the configuration....

        /var/unbound/pfb_dnsbl_lighty.conf

        Also the DNSBL VIP should be listening to a LAN interface? Which interface did you select?
        I haven't see this behavior, so if you find something in your testing, let me know. Thanks!

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

        1 Reply Last reply Reply Quote 0
        • 3
          3freet
          last edited by

          I am really not experienced in this, but looking at the pcap files I see the DNSBL Webserver ends the connection with

          DST: HTTP/1.1 200 OK
DST: Cache-Control: private, no-store, no-cache, must-revalidate, max-age=0

          I guess it does not store any data on pfsense, otherwise the pfsense box would run out of storage in minutes.
          I can say that this has no effect on the firewall itself (other than the processing power), however, it could actually saturate the local bandwidth because I've seen that one device uploading around 300MB in a couple of minutes.

          Of course I can set up limiters, but why not prevent that client from uploading in the first place?
          So, is there a way to allow clients to perform only GET request from the DNSBL webserver? since they shouldn't be uploading anything really (again, I am really not experienced and I even don't know if this is a valid approach).

          The VIP address is configured to listen to a LAN interface.

          Other than that, the pfBlockerNG is working great and it's awesome.

          Thanks!

          1 Reply Last reply Reply Quote 0
          • First post
            Last post