Return-Path: 
 <users-return-39837-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: (qmail 93685 invoked from network); 1 Apr 2004 16:06:46 -0000
Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12)
  by minotaur-2.apache.org with SMTP; 1 Apr 2004 16:06:46 -0000
Received: (qmail 32722 invoked by uid 500); 1 Apr 2004 16:05:56 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 32697 invoked by uid 500); 1 Apr 2004 16:05:55 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
list-post: <mailto:users@httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 32664 invoked from network); 1 Apr 2004 16:05:55 -0000
Received: from unknown (HELO out2.smtp.messagingengine.com) (66.111.4.26)
  by daedalus.apache.org with SMTP; 1 Apr 2004 16:05:55 -0000
X-Sasl-enc: fGYBI3wNClA2S7iPbOFDFg 1080835382
Received: from HEC-4949.hec.ca (unknown [132.211.188.107])
	by mail.messagingengine.com (Postfix) with ESMTP id 2C6AA8FA4D8
	for <users@httpd.apache.org>; Thu,  1 Apr 2004 11:03:01 -0500 (EST)
Date: Thu, 1 Apr 2004 11:03:27 -0500 (Est)
From: Joshua Slive <joshua@slive.ca>
To: "'users@httpd.apache.org'" <users@httpd.apache.org>
In-Reply-To: 
 <CC2B673A9CDCD14BBC010575CD4FD3FD3750E0@dfjcnj-exch.falconjet.com>
Message-ID: <Pine.WNT.4.58.0404011101330.2032@HEC-4949>
References: <CC2B673A9CDCD14BBC010575CD4FD3FD3750E0@dfjcnj-exch.falconjet.com>
X-X-Sender: slive@fastmail.fm@mail.messagingengine.com
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
Subject: Re: [users@httpd] how to prevent malicious scripting attack
X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N


On Thu, 1 Apr 2004, Liu, Jack wrote:
>   Does the HTTP server have the ability to detect such "pattern of behavior"
> accordingly?

No.

>   If not, any idea of other HTTP server which can do this, detecting such
> "pattern of behavior" (so that we may block it in the router).

I think you answered your own question.  This kind of blocking is most
efficiently accomplished at the router/firewall.  You firewall should have
rules limitting the packets-per-ip address or something of the sort.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org