It would be nice if you would add block/unblock by string in CSF, iptables example:
iptables -t raw -A PREROUTING -m string --algo bm --string string_that_you_are_filtering -j DROP
Block by string
Re: Block by string
Here is a link from WHT thread were using this kind of block helped with DDoS post/get attacks
http://www.webhostingtalk.com/showthrea ... 234&page=3
as he noticed that all attacks had user agent string of IE 6.
http://www.webhostingtalk.com/showthrea ... 234&page=3
as he noticed that all attacks had user agent string of IE 6.