LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 08-17-2011, 02:59 AM   #1
stormreactor
LQ Newbie
 
Registered: Jul 2011
Posts: 22

Rep: Reputation: Disabled
Post Blocking repeating HTTP/1.0 requests w/ Shorewall


Oookay. For some stupid reason that I cannot comprehend, McAfee Anti-Virus (McSvHost.exe, specifically) on my laptop keeps htting my Apache server with HTTP/1.0 requests and totally JAMS UP my Apache access logs. Why it does this every twelve seconds, no less, is beyond me, but I need to find a way to deny HTTP/1.0 requests on the local network.

While I could conceivably block my laptop IP to port 80 totally, this isn't feasible, as I use my laptop for web dev and need to view my website through the LAN. McAfee also hits with different source ports (it actually moves up the port number chain sequentially), so I can't block it using that either.

Anyway, it would be much appreciated if anyone could help me quickly write up a Shorewall rule that will just block HTTP/1.0 requests on my local network if that's possible (not WAN, 'cause I use that). Any help would be awesome. Thanks all! ^_^
 
Old 08-18-2011, 03:33 AM   #2
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,910

Rep: Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326
Hi,

I don't know of Shorewall rules, but it's better look in McAfee configuration to try to stop those HTTP requests.
In the meantime, you can set apache logging not to log requests. Assuming your lappy IP is x.x.x.x, you can use:
Code:
SetEnvIf Remote_Addr "x\.x\.x\.x" dontlog
CustomLog access_log combined env=!dontlog
Regards
 
Old 08-19-2011, 01:23 AM   #3
stormreactor
LQ Newbie
 
Registered: Jul 2011
Posts: 22

Original Poster
Rep: Reputation: Disabled
Thanks bathory.

I may have to follow your suggestion after all. I would've preferred it if I could just block the relevant communication packets to stop unnecessary network traffic, but I don't know if Shorewall can look into TCP packets at that depth (although I may be able to make Apache ignore HTTP/1.0 requests from certain IPs, which I should have thought of first—d'oh!).

As for the causal side of things, I've already posted this issue on the McAfee community boards and am still awaiting a response. I'll post any updates if they come my way. Thanks for your help!

--stormreactor

Last edited by stormreactor; 08-19-2011 at 01:25 AM.
 
  


Reply

Tags
block, http, request, shorewall


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
http relay - tracking http requests wastingtime Linux - Server 2 04-28-2009 06:05 PM
shorewall and blocking ip hariiyer Linux - Security 1 01-17-2007 10:25 AM
Blocking ICMP requests metallica1973 Linux - Security 4 04-02-2006 12:48 PM
blocking DHCP requests jjfate Linux - Networking 4 06-20-2003 01:49 PM


All times are GMT -5. The time now is 11:55 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration