httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rich <a...@rbentley.com>
Subject Re: [users@httpd] How to close connection instead of sending 403?
Date Sun, 19 Jun 2005 11:21:18 GMT
Ah but !!!....

You can configure mod_securiy so that it will not respond at all - ie - 
it will just leave the client hanging waiting for a response (which it 
will never get). Much like a 'silent' firewall.

As I said, not ideal (the connection is still live), but at least you 
can suppress any outgoing data.

Note:

If you are using apache 2 then you can use mod_security to scan both 
incomming and outgoing data. The outgoing scan is really useful because 
you can stop information leaks in the event that someone DOES manage to 
get to something they shouldn't.

If you are using apache 1.3, the output scanning is not available (it's 
a limitation of the way 1.3 works). However, you can still block the 
client on the incomming stream so that request never reaches apche 
propper, and you can affctively ignore the request.

Rich.


dtufs wrote:
>>Once it you know this, you can configure it to 
>>prevent further communication with the client
>>(not actually killing the  connection, but the 
>>affect will be the same - the client will give up).
> 
> 
> Unfortunately, the "client" will not give up. The
> result will be that our (very expensive) bandwidth
> will be wasted on sending 403 responses (that's about
> 300 bytes per request). 
> 
> Imagine a bot requesting a page twice per second. And
> then imagine thousands of such bots, which ignore your
> 403 responses, using different IP addresses. Worms,
> DDoS bots, etc. Something must be done.
> 
> 
> 
> 		
> __________________________________ 
> Yahoo! Mail 
> Stay connected, organized, and protected. Take the tour: 
> http://tour.mail.yahoo.com/mailtour.html 
> 
> 
> !DSPAM:42b551aa275869908512351!
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message