Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

block url requests coming into our website

Posted on 2014-02-12
1
Medium Priority
?
501 Views
Last Modified: 2014-02-16
i have an asa 5510 firewall.  inside i have our web server.  I continuously get intrusion attacks for a url that i do not host.  the domain is right but the last part of the url is a file i do not host.  symantec ids blocks it but i get so many that i would like to cut these requests off at the router.... how do i do this.  I know how to block website requests originating from the inside of the router to the outside.  can the asa also block url requests originating from the outside to the web server?  the ip addresses change so i cant block it by ip.
0
Comment
Question by:jamesmetcalf74
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 15

Accepted Solution

by:
Giovanni Heward earned 2000 total points
ID: 39853458
Are you able to block by source IP or net range?

If not, I'd look into a layer 7 web application firewall (WAF), such as ModSecurity with the OWASP ModSecurity Core Rules as a starting point, or Sucuri WAF if you'd prefer a managed (cloud) solution.

You could also create your own IPS script, hosted at the offending URI.  Whenever the offending location is requested, the script would automatically update your ASA rules to block the source IP.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question