: If i use 301 redirects (to bounce the requests), will the other destination be aware of my Server IP? (Just for the knowledge) I wonder, let's say one day, when my Site is suddenly having
(Just for the knowledge)
I wonder, let's say one day, when my Site is suddenly having some attacks at the login page (e.g: /login.php). If i don't bother about my Login page anymore, and i want to redirect these incoming attempts to (let's say) ---> google.com (by using 301 redirects).
Of course then all these kinda illegal attempts will be redirected to Google. And Google will react something on them (their IPs). Then my question is:
Will my Server IP also be black listed? Or at any risk? (Because i'm the one who redirecting to them.)
Or is it legitimate to do?
Just for the knowledge. Thanks all :)
More posts by @Phylliss660
3 Comments
Sorted by latest first Latest Oldest Best
The other answers have already covered that redirecting would be a bad/pointless response and that simply dropping the response with a suitable status would be preferred. However, you did ask some other questions...
will the other destination be aware of my Server IP?
You used Google in your example. Being a search engine they will probably discover the redirect from crawling your site. So yes, they will know your Server IP.
However, some arbitrary website that you are redirecting to will be stuck with looking at the HTTP Referer on the inbound request (if any) and resolving that to find your server IP.
However, any "illegal attempts" are more likely to be from automated bots which may not send the Referer anyway. After all, this would be an additional, unnecessary step for the bot.
Of course then all these kinda illegal attempts will be redirected to ...
This is assuming that these malicious bots even follow redirects (it is, after all, more work). For something like a "login page" that is a known URL they are specifically targeting, why would they follow a redirect? If they don't get a meaningful response on the initial request then abort. But even if they do follow some redirects, it would be trivial for the bot to ignore some nonsense targets... "Google", "Return to sender", "Disney" etc.
Instead of blocking the incoming attacks, or sending to to somewhere else, you could redirect them back from where they are comming from. Thus perhaps breaking the attackers system ;)
I've seen this "science fiction" idea mentioned a few times - but I can't imagine this working as intended in the real world. It's either going to do nothing - the bot simply does not follow the redirect, or in the case of a serious attack, it's going to compound the problem and flood the network (or someone else's network) with traffic. Either way, the bot doesn't care.
Well aren't you friendly...
"Hey Google, I'm having a DOS, but im making it your problem, thanks"
First: There is no difference for you between serving an 301 or an 404 error page. Your server will have to do the same amount of work. The difference here is that you, with your 301->google solution, now ALSO make it Google's problem, effectively doubling the attackers damage.
A solution would be to use a IP based firewall, something along the lines of the commonly used and recommended Fail2Ban service for linux. This allows you to set up effective security. Fail2ban could be used to:
Block entire regions of IP's
Block failed login after X tries (e.g.:3 wrong tries »10min, 10tries »30mins, too many »indefinate)
Block IP's crawling too many pages too fast
Settings up Fail2Ban properly will save you quite some resources and/or hacky solutions.
In the situation you give it is definarely dangerous and not a good idea, and could most definately result in issues for your site, it woukd be better to simply take that one file offline or if the traffic is coming from one cidr block then block that cidr, forwarding the attack to another site oike Google could ge seen as you taking part in the attack, plus user experience would be poor as real users woukd be bounced without expecting it as well.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.