httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christian Folini <>
Subject Re: URL scanning by bots
Date Wed, 01 May 2013 19:15:47 GMT

On Wed, May 01, 2013 at 02:47:55AM +0200, André Warnier wrote:
> With respect, I think that you misunderstood the purpose of the proposal.
> It is not a protection mechanism for any server in particular.
> And installing the delay on one server is not going to achieve much.

In fact I did understand the purpose, but I wanted to get
my point across without writing a lengthy message on the
merits and flaws of your theory.

My point is: ModSecurity has all you need to do this
right now. All that is missing is enough people configuring
their servers as you propose.

Like many others, I do not think this will work. If it really
bothers you (and your bandwidth), then I would try and use a 
real-time blacklist lookup (-> ModSecurity's @rbl operator).
Given the work of the spam defenders these blacklist should
contain the ipaddresses of the scanning bots as well.
I do not have this configured, but I would be really
interested to see the effect on average load, connection
use and number of scanning attempts on a server.

Interesting discussion by the way. Maybe a bit hot, though.


Christian Folini

We have to remember that what we observe is not nature herself, but
nature exposed to our method of questioning.  
-- Werner Heisenberg

View raw message