httpd-users mailing list archives

From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: [users@httpd] limiting connections per ip address in apache2 when under attack
Date Thu, 21 Jun 2007 23:11:29 GMT
Bob wrote:
> 
> If this is a real attack then you were found by rolling through a whole
> block of IP addresses looking for an open port 80.
> Change your apache server to use a different port, say 7788 instead of port 80,
> and then use the free www.zoneedit.com DNS service to redirect all FQDN to
> your website to include the new port.  From that point on only access to your
> site would have to be done through FQDN.  And all those attack port 80 packets
> would find no web server at port 80, ending this and future attacks, leaving
> all your normal server requests using your FQDN working as they do now. This
> is called hiding in plain sight.

Apache does this, if you ask it.  Make the 1st named virtual host (the
default, or fallback host) ServerName example.com, and then completely
blackhole all requests through a trivial AliasMatch .* -> /htdocs/noaccess.html.

If there is no Host: or a worthless Host: header from the browser/spider/
malicious user, there will be nothing to serve for that user.

Bill

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
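
The default-virtual-host arrangement described in the reply above, as an added example that is not part of the original message. It is written in Apache 2.4 syntax (on the 2.0/2.2 releases current in 2007, add `NameVirtualHost *:80` and use `Order allow,deny` / `Allow from all` in place of `Require all granted`). The site name `www.site.example`, its document root and the log path are assumptions.

```apache
# Added example. Only example.com and /htdocs/noaccess.html come from the
# message; every other name and path here is an assumed placeholder.

# The first <VirtualHost> for an address:port is the default (fallback) host.
# It receives any request with no Host: header, or with a Host: value that
# matches no ServerName/ServerAlias in the vhosts below, e.g. a request
# made to the bare IP address by something sweeping an address block.
<VirtualHost *:80>
    ServerName example.com

    # Map every URL path to a single static page, so nothing from the
    # real site is reachable through this vhost.
    AliasMatch "^/.*" "/htdocs/noaccess.html"

    <Directory "/htdocs">
        Require all granted
    </Directory>

    # Separate log (assumed path) so fallback traffic can be reviewed on its
    # own. "combined" must be defined by a LogFormat line, as it is in the
    # stock httpd.conf.
    CustomLog "logs/default_vhost_access.log" combined
</VirtualHost>

# The real site (hypothetical name). Served only when the client's Host:
# header matches ServerName or ServerAlias.
<VirtualHost *:80>
    ServerName www.site.example
    ServerAlias site.example
    DocumentRoot "/var/www/site"

    <Directory "/var/www/site">
        Require all granted
    </Directory>
</VirtualHost>
```

Run `apachectl -S` after loading the configuration to confirm which vhost Apache reports as the default server for port 80.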