#-----------------------------------------------------------------------
# Copyright (C) 2000-2001, Jean-Sebastien Morisset <jsmoriss@mvlan.net>
#-----------------------------------------------------------------------
# $Id: 125-http-requests,v 1.1 2001/10/18 03:38:40 dholmes Exp $
#-----------------------------------------------------------------------
# MODULE CONFIGURATION
#-----------------------------------------------------------------------
#
#m# 123
#a# ignore
#i#
#n# http
#t# requests
#
#   |--------------------------------------------------------------------|
#d# This option ignores http and https requests to address ranges
#d# Used to ignore CodeRed and other similar probes
#   |--------------------------------------------------------------------|
#
#-----------------------------------------------------------------------
# START OF MODULE CODE
#-----------------------------------------------------------------------

for host in `Option_Value ignore $INTOPT http requests`
do
	echo "Ignore $INTOPT $host HTTP/HTTPS <- $ANY $UNPRIVPORTS $LOG_MSG"
	ipchains -A $INCHAIN  -j DENY -p tcp -s $ANY $UNPRIVPORTS -d $host http $LOG
#	ipchains -A $INCHAIN  -j DENY -p tcp -s $ANY $UNPRIVPORTS -d $host https $LOG
done
unset host

