Is it possible to filter (*.)wpad.* with RPZ?
daniel.stirnimann at switch.ch
Thu Nov 30 07:04:22 UTC 2017
I doubt you can use RPZ for that.
We use https://dnsdist.org/ for that, our rule:
-- WPAD Name Collission Vulnerability
-- US-CERT TA16-144A. Redirect to landing page
On 29.11.17 19:12, Grant Taylor via bind-users wrote:
> Is it possible to filter (*.)wpad.* with RPZ? Or do I need to look into
> Response Policy Service and try to filter that way?
> I've used RPZ for various different things over the years, but I don't
> quite know how to match a wild card on the right hand side.
> Context: I'd like to prevent ""misconfigurations like the following and
> I was hoping that RPZ could be utilized:
> Link - Anybody else having issues with wpad.domain.name?
> Link - Alert (TA16-144A) WPAD Name Collision Vulnerability
> - https://www.us-cert.gov/ncas/alerts/TA16-144A
More information about the bind-users