filter known hack attempts

Kristian Lyngstol kristian at
Wed Sep 1 13:56:30 CEST 2010

On Wed, Sep 01, 2010 at 11:49:16AM +0000, Poul-Henning Kamp wrote:
> In message <AANLkTinMoCOrB98hq+o8N1j4+unDR6NNcVw+xEjiDnC0 at>, Ales
> sandro Ronchi writes:
> >is it possible to filter with vernish some known hack attempts, link
> >/cltreq.asp?UL=1&ACT=4&BUILD=6254&STRMVER=4&CAPREQ=0
> >/_vti_bin/owssvr.dll/
> Yes, Kristian did something "mod_security" like I think.

Yeah, I helped Edward and Kacper out with "security.vcl", it's kept in svn
under varnish-tools/security.vcl/. It was/is a PoC of how a more generic
"security modules for VCL" could be done.

Keep in mind that it wont catch data sent through POST data though.

- Kristian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <>

More information about the varnish-misc mailing list