httpd-users mailing list archives

From Andrew Hester <Andrew.Hes...@mouser.com>
Subject RE: [users@httpd] Configure httpd not to send responses
Date Mon, 06 Feb 2012 18:05:05 GMT
Thanks for your reply.

I could and I have written a small webserver in Python as a test as well. Of course with
this I will have to duplicate the functionality of mod_evasive also in my code.

I am not sure that this benefits me though, because I think that either web server will respond
with 404's and 500's on error. The webserver I wrote takes the connection and parses info
and does not respond with content, but if I telnet the port and create an error, I see an
error message even though it isn't part of the code I wrote (it must be in the library I used).
I believe that I will have the same issue with httpd.


I have a web application firewall that uses mod_security + ? and it is capable of being deployed
in this manner. It receives traffic on a span port (mirrored traffic) and it does not respond
to the traffic. It is very much like an IDS would consume the traffic but not think that
the traffic was really destined for itself and try to serve content. It has other interfaces
on other subnets for logging, alerting, etc. but does not try to serve the web content requested
(as far as I know - have put a sniffer on it).


Am I missing something?

Thanks,
Andy


From: Igor Cicimov [mailto:icicimov@gmail.com]
Sent: Friday, February 03, 2012 11:30 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Configure httpd not to send responses


How about redirecting all the traffic to a cgi script that does nothing? Or it might be a
script that parses the headers and creates some stats files for you.
On Feb 4, 2012 5:11 AM, "Andrew Hester" <Andrew.Hester@mouser.com>
wrote:
Hello,

I would like to use httpd with mod_remoteip and mod_evasive to provide some DoS response for
my site. I might later use mod_security for other rules as well. Because of many reasons
the httpd server will not be inline, but instead I intend to mirror traffic to the server
for analysis.

So, I won't have any content on the server and do not want 400 or 500 errors going back to
the client but I do want to analyze the requests. I will use a script to create firewall
rules when DoS rules are triggered.


I have not been able to find any docs on this and I'm not sure what the common terminology
is for this configuration. Any tips on how to prevent this honeypot-ish server from responding
back to real clients would be appreciated.


Thanks,
Andy
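
A listener that records each request and closes without sending any HTTP response, built on raw sockets so that no library-generated error page goes out on malformed input. This is an added example, not code from this thread; the names `hits`, `parse_head`, `handle` and `serve` and the trust placed in `X-Forwarded-For` are assumptions. The kernel still completes the TCP handshake for connections addressed to the host; only the HTTP layer stays silent.

```python
import socket
import threading
from collections import Counter

hits = Counter()              # requests seen per client address
hits_lock = threading.Lock()

def parse_head(raw: bytes):
    """Leniently parse request line and headers; never raises on bad input."""
    lines = raw.decode("latin-1").split("\r\n")
    parts = lines[0].split()
    method = parts[0] if parts else ""
    path = parts[1] if len(parts) > 1 else ""
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, path, headers

def handle(conn, peer):
    """Read one request head, record it, and close without writing a byte."""
    buf = b""
    try:
        conn.settimeout(2.0)
        while b"\r\n\r\n" not in buf and len(buf) < 8192:
            chunk = conn.recv(1024)
            if not chunk:
                break
            buf += chunk
    except OSError:
        pass  # timeout or reset: still record whatever arrived
    finally:
        _method, _path, headers = parse_head(buf)
        # Assumption: only a trusted front end can set X-Forwarded-For
        # (the role mod_remoteip plays); otherwise use peer[0] alone.
        client = headers.get("x-forwarded-for", peer[0]).split(",")[0].strip()
        with hits_lock:
            hits[client] += 1
        conn.close()  # no status line, no error page

def serve(listener):
    """Accept loop; the caller creates and owns the listening socket."""
    while True:
        try:
            conn, peer = listener.accept()
        except OSError:
            return  # listener was closed
        threading.Thread(target=handle, args=(conn, peer), daemon=True).start()
```

The per-client counts in `hits` are what a separate script would read to decide when to create a firewall rule.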


