new | show | ask | jobs Github

kristianp 5 hours ago

> Nearly all of them were for non-existent pages.

Do any webservers have a feature where they keep a list in memory of files/paths that exist?

▲

3 hours ago | parent | next [-]

[deleted]

▲

kristianp 4 hours ago | parent | prev | next [-]

Also why are most requests for non existent pages?

	▲	herecomesthepre 4 hours ago \| parent [-]
		Because they are hunting for vulnerable devices and the requests' existence are unique to an application. Like a VoIP appliance for example. They usually request something deep like /foo/bar/login.html as part of their reconnaissance. I'm up to 4 pages of filter rules after the massive IP blacklist. These assholes are also scanning every address on the IPv4 internet and hoovering up the content. To answer your first question: No, that's the OS's job. But some clever rules could be setup for filtering invalid requests depending on your web server.

▲

unethical_ban 3 hours ago | parent | prev [-]

That's called a WAF, web application firewall, a separate piece of software (or server module) where paths in the web applications hosted are defined, often variables and variable types can be validated, etc. to prevent the kind of attacks these scans are often doing.