httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From LuKreme <krem...@kreme.com>
Subject [users@httpd] Re: Dynamically block certain requests on trigger?
Date Sun, 15 Nov 2009 03:07:26 GMT
On 14-Nov-2009, at 08:24, kofal002@umn.edu wrote:

> What would would be perfect is a module that watches for conditions like these, and if
they trigger, drops requests from that IP for the next 24 hours. For example. if anybody requests
"phpmyadmin" at all, I don't want the server to even respond (just drop the request, no 404)
for awhile, even to legitimate requests. Preferably, it would also log the block action as
well.

The simplest option is using IPTABLES to setup a rule (we used to do this for SSH).

fail2ban might be an option for you. It has nothing to do with apache specifically, but it
looks for these sorts of massive floods and then bans the IP from the server. I'm pretty sure
it has a WWW/apache module for apache (I use it for sash and smtp intrusion as I've not noticed
the trouble you describe). Be aware that the default values might seem rather strict to some
people. 5 failures in 10 minutes equals a two week ban. It's possible that fail2ban is only
working on AUTH/LOGIN failures though. Still, should get you started, I guess.

I started here:
<http://eportfolio.research.iat.sfu.ca/wiki/index.php?title=HOWTO_Setup_fail2ban>


-- 
'There's Mr Dibbler.'
'What's he selling this time?'
'I don't think he's trying to sell anything, Mr Poons.'
'It's that bad? Then we're probably in lots of trouble.' --Reaper Man


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message