• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 515
  • Last Modified:

block url requests coming into our website

i have an asa 5510 firewall.  inside i have our web server.  I continuously get intrusion attacks for a url that i do not host.  the domain is right but the last part of the url is a file i do not host.  symantec ids blocks it but i get so many that i would like to cut these requests off at the router.... how do i do this.  I know how to block website requests originating from the inside of the router to the outside.  can the asa also block url requests originating from the outside to the web server?  the ip addresses change so i cant block it by ip.
0
jamesmetcalf74
Asked:
jamesmetcalf74
1 Solution
 
Giovanni HewardCommented:
Are you able to block by source IP or net range?

If not, I'd look into a layer 7 web application firewall (WAF), such as ModSecurity with the OWASP ModSecurity Core Rules as a starting point, or Sucuri WAF if you'd prefer a managed (cloud) solution.

You could also create your own IPS script, hosted at the offending URI.  Whenever the offending location is requested, the script would automatically update your ASA rules to block the source IP.
0

Featured Post

Turn Raw Data into a Real Career

There’s a growing demand for qualified analysts who can make sense of Big Data. With an MS in Data Analytics, you can become the data mining, management, mapping, and munging expert that today’s leading corporations desperately need.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now