Custom probe settings

From MikroTik Wiki
Jump to: navigation, search


The follow probe supplies the web server with appropriate headers, satisfying the requirements of apache's mod_security, otherwise tons of log entries are generated complaining about missing host header, user agent header, and invalid options.

Name: http
Type: TCP
Port: 80

Send: HEAD / HTTP/1.0\r\nHost:\r\nUser-Agent: The-Dude/2.2\r\nAccept: text/*\r\n\r\n
Receive: ^HTTP/1\\.


The default SSH probe gives the following log entries in /var/log/secure:

Did not receive identification string from ::ffff:XXX.XXX.XXX.XXX

To clean this up, I changed the ssh probe to the following:


Name: ssh
Type: TCP
Port: 22
Conncet Only: unchecked
First Receive, Then Send: Checked

Send: <greyed out>
Receive: ^SSH\\.*
Send: SSH-2.0-TheDude-Ping\r\n

Now the entry I get in the log file is:

Connection closed by ::ffff:XXX.XXX.XXX.XXX

The connection is now "properly" closed by The Dude.