Local IP being added as Anti-DDOS

O

optize

Well-Known Member
#1
#1
I realize you can do this via the "trusted" IP sections, but is it possible to add some functionality NOT to blacklist local IP's to itself, that just seems silly and a really bad idea.
 
O

optize

Well-Known Member
#3
#3
webizen said:
it is to avoid IP spoofing (attacker can pretend to be from local address).
Click to expand...
Spoofing is more on the network layer, if they allow spoofing into their network, they deserve to be hacked ;-)

However, we're seeing issues where a customer needs to grab other data from his other servers, so he'll do a curl or something similar from one domain to another and since Litespeed is blocking (sometimes) the local IPs, that fails.
 
W

webizen

Well-Known Member
#4
#4
Convenience and security usually don't go together. Manually trust localhost is a safety measure to prevent lsws from DDoS attack. Plus, you don't have that many localhost (i.e., 127.0.0.1) addresses to whitelist. That kind of manual work isn't really inconvenient.
 
You must log in or register to reply here.
Top