[BlueOnyx:02281] Re: DFix update

[Darrell D. Mobley]

> -----Original Message-----
> From: blueonyx-bounces at blueonyx.it [mailto:blueonyx-bounces at blueonyx.it]
> On Behalf Of Greg Kuhnert
> Sent: Sunday, August 30, 2009 8:18 AM
> To: BlueOnyx General Mailing List; BQ List
> Subject: [BlueOnyx:02258] DFix update
> 
> I have published a new version of DFIX today. The new version has the
> following new features:
> 
>   * DFIX finally respects entries in hosts.allow. So, if you want to
> whitelist any special IP addresses, just put them in there.
>   * DFIX now looks source IP's for any hosts that are generating too
> many "file not founds errors" in your web server. These are very often
> caused by systems that are looking for vulnerabilities in your websites.
>   * There is now a separate configuration file for DFIX in the /etc
> directory. You can make config changes to dfix in that file, and your
> settings will be preserved even if there is an update to the main source
> code.
> 
> Updates are published via NewLinQ. If you would like automated alerts
> about package updates from NewLinQ, make sure you configure your server
> as follows:
> 1. Click on the software updates tab.
> 2. Click on settings.
> 3. Change the query schedule to daily
> 4. Change the software notification light to "All software"
> 5. Click save.
> 
> Enjoy!

Greg, I just installed the new update on my BQ server, and it's going all
tutti-fruity on me.  It is blocking one IP, which appears to be a regular
user, then unblocking him the next minute.  The pattern is
block-unblock-block over and over, every minute.  I think it is blocking him
because when a request is being made to the server for a given URL, that URL
is returned along with all of the JS, CSS, images and include files, which
is going over the breach point. I increased HTTPRECS to 10000 to see if it
makes a difference, but it hasn't.  Thoughts?