httpd-users mailing list archives

From Freek de Kruijf <>
Subject Re: [users@httpd] Is there a way to intercept all IP accesses in real time?
Date Thu, 01 Nov 2018 14:20:42 GMT
On Thursday 1 November 2018 15:05:06 CET, David Spector wrote:
> I would like to write a short real-time PHP program to detect unusual or
> malicious access patterns to httpd under all OSs for the usual methods,
> such as GET and POST, the goal being to protect authentication
> procedures from being repeatedly tested by unauthorized visitors to
> websites.
> My understanding is that Apache generates a pool of worker processes to
> handle remote accesses to the server, so that accesses are processed
> efficiently and possibly concurrently if the OS supports process
> concurrency.
> So, I'm afraid if I simply write a PHP function that gets called at the
> start of displaying the home page of a website, it will intercept only a
> subset of the remote accesses, which would be insufficient for analyzing
> access patterns.
> Is there a way to have a piece of efficient real-time PHP code stay in
> memory (for efficiency, so its code and database can be resident in
> memory) and be called for every remote IP access? Its results (a short,
> often updated IP blacklist) could be sent to the website through a
> slower route or could be used right there in the real-time PHP code to
> block the access.
> David Spector
> Springtime Software
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

The SANS Institute ( has a honeypot system available:
This web page mentions that Apache is being used, but this is no longer the 
case. The software uses a Python script to catch the communication with the 
http server. The software itself is available on GitHub. I have it running on 
the smallest Raspberry Pi, a 1B, together with a honeypot for telnet and ssh 
and firewall logging. Reports go to My modem/router forwards 
almost all TCP/UDP ports to the honeypot system.


Freek de Kruijf
