Lewis Edwards wrote:
> First, let me thank you for an excellent product and all the work you put
> into maintaining it.
> I have a web server in a DMZ with only port 80 open to the world. Right
> now, someone can telnet to port 80 and poke around with my Apache
> installation. Given the right person and the wrong installation, this can
> cause a lot of problems. If m0n0wall had stateful (or dynamic) packet
> filtering then port 80 would only accept HTTP connections and the sysadmin
> could sleep (a little) easier.
M0n0 does have SPF. What you are looking for is some kind of
application/protocol specific proxy. I would run the Apache webserver on
some high port, only listening on 127.0.0.1 and then implement a Squid
Caching server running in transparent mode.... aargh but this won't be
possible on Win2K.
I don't think this is something you need to worry about since Apache
will reject anything that is not a valid HTTP request anyway. Perhaps
you should be more concerned with requests that *are* valid HTTP but
that could cause buffer overruns and such.