ASL can block incoming connections by the hostname or domain name of the connecting client. To enable this feature, set the MODSEC_01_DOMAIN_BLOCKS option to yes:
https://wiki.atomicorp.com/wiki/index.php/ASL_WAF#MODSEC_01_DOMAIN_BLOCKS
Once that is enabled, click the ASL tab in the ASL web interface, select Blocking, and then the Domains tab. Add your custom domains or hostnames in the interface one entry at a time. Matching is by plain substring; regular expressions are not supported.
Because matching is by substring, use a fully qualified hostname or a complete DNS zone entry. For example, to block the whole example.com zone, the correct entry is:
.example.com
and not "example.com". The entry example.com matches any hostname that contains the string example.com, including hostnames in other zones, such as www.anotherexample.com. To limit an entry to one zone, start it with the DNS zone delimiter ".", as in the example above.
To block a single host, enter its full hostname, for example:
www.example.com
This feature works by performing a reverse (PTR) lookup on the incoming client's IP address. The system must therefore have a working DNS server, and a local caching resolver is highly recommended for performance. Remote DNS servers are not recommended: they introduce delays into the resolution process, and every incoming connection pays that delay, which degrades the performance of the system.
If the reverse lookup returns a hostname that contains a hostname or domain on the custom domain block list, the client is blocked. If the IP address has no PTR record, the client is not blocked. Note that the PTR record for an address is set by whoever controls the reverse zone for that address, so this feature filters on a name the remote side chooses; it is not a substitute for blocking by IP address.
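The following is an added example, not code from ASL, that models the matching and lookup behaviour described above: a reverse lookup of the client address, substring matching of the returned name against the block list, and the no-PTR case that is never blocked. The block list, the IP addresses and the PTR answers in FAKE_PTR are constructed for illustration so the example runs offline; only reverse_lookup touches the network.

```python
import socket

# Constructed block list in the format the article recommends: a leading "."
# blocks a whole DNS zone, a full hostname blocks that single host.
BLOCK_LIST = [".example.com", "www.example.net"]


def hostname_is_blocked(hostname, block_list=BLOCK_LIST):
    """Substring match, as the article describes: an entry matches when it
    appears anywhere in the hostname. No regular expressions.
    A hostname of None means the address has no PTR record: never blocked."""
    if hostname is None:
        return False
    host = hostname.rstrip(".").lower()
    return any(entry.lower() in host for entry in block_list)


def reverse_lookup(ip):
    """PTR lookup of a client IP; returns None when there is no PTR record.
    This is the only function here that uses the network."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def client_is_blocked(ip, block_list=BLOCK_LIST, resolver=reverse_lookup):
    """Decide for one client address: resolve, then match the result."""
    return hostname_is_blocked(resolver(ip), block_list)


# Constructed PTR answers standing in for a resolver (assumed values, not
# real records), so the decision logic can be exercised offline.
FAKE_PTR = {
    "192.0.2.10": "crawler.example.com",      # inside the blocked zone
    "192.0.2.11": "www.anotherexample.com",   # different zone, same substring
    "192.0.2.12": None,                       # no PTR record
}


def fake_resolver(ip):
    return FAKE_PTR.get(ip)


if __name__ == "__main__":
    for ip in FAKE_PTR:
        verdict = "blocked" if client_is_blocked(ip, resolver=fake_resolver) else "allowed"
        print(f"{ip:12} PTR={FAKE_PTR[ip]!s:28} -> {verdict}")
```

Run it and compare the entry ".example.com" with "example.com": with the leading dot, www.anotherexample.com is allowed; without it, the same host is blocked because the string example.com occurs inside anotherexample.com. The leading dot only anchors the left side of the match, so a name such as host.example.com.other.net still matches ".example.com"; keep that in mind when reviewing what the list actually catches.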
Note: This feature is currently only available for HTTP and HTTPS traffic protected by the ASL embedded WAF, the ASL transparent WAF or the ASL reverse proxy WAF.