Local IP being added as Anti-DDOS

Discussion in 'General' started by optize, Jul 5, 2012.

  1. optize

    optize New Member

    I realize you can do this via the "trusted" IP sections, but is it possible to add some functionality NOT to blacklist local IP's to itself, that just seems silly and a really bad idea.
  2. webizen

    webizen New Member

    it is to avoid IP spoofing (attacker can pretend to be from local address).
  3. optize

    optize New Member

    Spoofing is more on the network layer, if they allow spoofing into their network, they deserve to be hacked ;-)

    However, we're seeing issues where a customer needs to grab other data from his other servers, so he'll do a curl or something similar from one domain to another and since Litespeed is blocking (sometimes) the local IPs, that fails.
  4. webizen

    webizen New Member

    Convenience and security usually don't go together. Manually trust localhost is a safety measure to prevent lsws from DDoS attack. Plus, you don't have that many localhost (i.e., 127.0.0.1) addresses to whitelist. That kind of manual work isn't really inconvenient.

Share This Page