From: Thomas S. <tho...@my...> - 2007-07-20 09:42:03
|
Hi there, I'm thinking of using fail2ban to solve something I did different up to now :). In my php-application I'm running some DoS protection which just tracks how many requests an ip-address did in the last X seconds and based on that it blocks ip-addresses with too many requests. Up to now I did this with setting a .htaccess to deny access to these ips together with giving them nice error-pages. I think I could do this nicely with fail2ban beside that I don't know how the action should be done. For the filter I could just write to a file when/which ip-address should be banned and create a rule that an ip should be banned by its first appearance in that file. Now, is there a way to do a redirection to a different port or ip by iptables for http-requests? Anyone having the actions for that? Thanks in advance, Thomas |
From: Nils B. (Lemonbit) <ni...@le...> - 2007-07-20 11:27:18
Attachments:
PGP.sig
|
Thomas Seifert wrote: > I'm thinking of using fail2ban to solve something I did different > up to > now :). > In my php-application I'm running some DoS protection which just > tracks > how many requests > an ip-address did in the last X seconds and based on that it blocks > ip-addresses with too many requests. Assuming you're using Apache: what about using mod_evasive instead? <http://www.zdziarski.com/projects/mod_evasive/> Nils Breunese. |
From: Thomas S. <tho...@my...> - 2007-07-20 11:54:27
|
Nils Breunese (Lemonbit) schrieb: > Assuming you're using Apache: what about using mod_evasive instead? > > <http://www.zdziarski.com/projects/mod_evasive/> > > Nils Breunese. Hi Nils, thank you for your reply. If I would be using Apache then I could continue with .htaccess ;-). I'm planning to use lighttpd but need the DoS-protection. The mod_evasive module in lighttpd ( http://trac.lighttpd.net/trac/wiki/Docs%3AModEvasive ) seems to support only "connections per ip". Regards, Thomas |