httpd-users mailing list archives

From "Luis Moreira (ESI-GSQP)" <luis.more...@esi.pt>
Subject RE: [users@httpd] limiting connections per ip address in apache2whenunder attack
Date Thu, 21 Jun 2007 13:52:15 GMT
I, for one, don't, either.

The thing is, if the IP changes too much, blocking on an IP-to-know basis
can generate too many rules.
Blocking the subnet is easier, but tougher on the innocent.

In this case, what DNSSTUFF says is that the IP is in the range 88 to 95, which
means that you can block
218.4.152.88 netmask 255.255.255.248
or
218.4.152.88 / 29 (slash notation)

That's what I meant to say.


Luis



-----Original Message-----
From: jslive@gmail.com [mailto:jslive@gmail.com] On Behalf Of Joshua Slive
Sent: Thursday, 21 June 2007 14:36
To: users@httpd.apache.org
Subject: Re: [users@httpd] limiting connections per ip address in
apache2whenunder attack

On 6/21/07, Luis Moreira (ESI-GSQP) <luis.moreira@esi.pt> wrote:
> This is not an "Apache answer", but it may help you.
>
> Do the IPs vary too much, or can you set up a firewall rule to block
> incoming requests (any requests) from those IPs?
> Sort of your own very personal "black list"?
> Of course, should that address decide to post a legitimate request, it would
> get blocked but hey, who told them to mess up the first time?
>
> On the other hand, on http://www.dnsstuff.com/ you can find info on IP
> addresses on the net.
> Who and where they are, if they belong to spam lists, etc

But of course, you probably don't want to play whack-a-mole with these
IP addresses.

What I'd suggest is implementing the per-IP connection rule in your
firewall. I don't know anything about ubuntu's firewall package, but
most of them can do this.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
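
The range-to-netmask arithmetic from the reply above, as an added example that is not part of the original messages. It goes beyond the thread's aligned 88 to 95 case by also handling a range that does not fall on a subnet boundary, and reports how many unrelated addresses a single covering rule would block; the 192.0.2.x range is a constructed sample.

```python
import ipaddress


def exact_blocks(first, last):
    """CIDR blocks covering exactly first..last, with no extra addresses."""
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last)
    return list(ipaddress.summarize_address_range(lo, hi))


def covering_block(first, last):
    """Smallest single CIDR block containing first..last.

    Returns (network, extra), where extra is the number of addresses
    outside the reported range that one rule for this block also hits.
    """
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("first address is above last address")
    # The leading bits shared by both ends form the network prefix.
    prefix = 32 - (lo ^ hi).bit_length()
    host_bits = 32 - prefix
    base = (lo >> host_bits) << host_bits
    net = ipaddress.ip_network((base, prefix))
    return net, net.num_addresses - (hi - lo + 1)


if __name__ == "__main__":
    ranges = [
        ("218.4.152.88", "218.4.152.95"),  # range quoted in the thread
        ("192.0.2.90", "192.0.2.101"),     # constructed, unaligned range
    ]
    for first, last in ranges:
        net, extra = covering_block(first, last)
        print(f"{first} - {last}")
        print(f"  one rule: {net} netmask {net.netmask} ({extra} extra addresses)")
        print("  exact   :", ", ".join(str(n) for n in exact_blocks(first, last)))
```
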