Drop HTTP session on security events #1045
Comments
Good question. Ideally we should provide a configuration option for a system administrator: whether to block a [probably] malicious client on the IP layer or challenge them next time on the HTTP layer. So it's linked with #934 (Filter unification with nftables and/or XDP) and I move it to the 1.2 milestone. Linked with #598 (comment): #1115 has introduced client differentiation by HTTP headers - such clients can work through the same TCP connection established by a proxy and we need to drop their HTTP sessions separately.
UPD.
Linked with #598
When a security event happens, the TCP connection between Tempesta and the client is closed. Optionally, the source IP is blocked.
How about the HTTP session? Shall we mark the HTTP session as expired to stop the client from reaching us via proxies, and make him pass the JavaScript challenge once again?
Testing