httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jacqui Caren <Jacqui.ca...@ntlworld.com>
Subject Re: [users@httpd] How to prevent apache proxy abuse?
Date Fri, 18 Jul 2008 21:11:06 GMT
Ali Nebi wrote:
> Thanks for the reply.
> 
> I use shorewall firewall. I will try to configure it to drop these hosts.

Off topic now (nd assuming this is a non commercial web service)

Add the ip addresses to /etc/shorewall/blacklists and ensure

blacklists is added to the correct line in the /ec/shorewall/interfaces
file.

i.e.

fox ~ # grep blacklist /etc/shorewall/interfaces
#                       blacklist    - Check packets arriving on this 
interface
#                                      against the /etc/shorewall/blacklist
net     eth1            -                blacklist
net     ppp0            -                blacklist
fox ~ #

and

fox ~ # tail -5 /etc/shorewall/blacklist
24.64.108.109/32
24.64.187.143/32

#ADDRESS/SUBNET         PROTOCOL        PORT
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

> Is there some way to deny these accesses with rewriterule?
> If yes how it should looks like?

If I wanted to try and feed the infected machine something that
may trigger it I would consider an errordocument handler
but anything beyond a standard error may cause the infected machine
to conside your system as 'open'.

Instead, have the errordoc handler write the IP address to a log
and feed this (carefully) into your blacklist file.

Jacqui

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message