httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Luis Croker <lcro...@megacable.com.mx>
Subject [users@httpd] Invalid Requests.
Date Wed, 22 Apr 2009 22:57:09 GMT

   Hi all... 

   I hope any can give me a suggestion about how to block this kind of
request in my apache web server... 

[Wed Apr 22 15:22:32 2009] [error] [client 10.10.10.10] Invalid URI in
request GET  HTTP/1.1

   I have a lot of these requests  per second,  from the same IP, I
think this is a kind of virus or malware trying  to contact the server.
After a few minutes the IP change and start the same behavior. 
I compiled and installed mod_evasive module which worked fine but it
doesnt block the IPs doing the request, cause in the request  there is
not   a specfic object or page, so the mod_evasive can no detect and
block the ips. 
Im thinking create a script that read the log file and insert a rule in
the firewall to block this requests, but I wanna ask here before, maybe
somebody have had the same problem before. 

Any suggestion ?

Thanks. 

Mime
View raw message