FYI unless you have an existing mod_security configuration to upgrade
(and even with that) upgrading mod_security is a 30-second operation.
Not really - We have mod_security compiled straight into Apache, so it's not just a question of compiling a new module and dropping in on the server, we have to recompile our entire Apache setup which (I'm being told) is a fairly complicated process, and right now the SysAdmin is too busy to help me...
Avoid launching a script if possible. If you don't, those attacking
you will be able to create dozens of processes per second simply
by sending many requests in parallel.
A better idea is to pipe the error log to a single inspecting
process (like httpd-guardian).
Hmmm, that probably would be better; I'd have to parse the log to find only the entries I'm interested in (since I don't want to block valid users behind proxies), but I'd be less susceptible to getting flooded with forking processes.
You should even be able to create a nice page to show to the
Already planned! As well as sending an alert to the syslog so that we know what's happening.... which I believe your script already does.
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
Tel: +44 20 8141 2161, Fax: +44 87 0762 3934
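
The single inspecting process discussed in this thread, as an added example that is not part of the original messages and is not httpd-guardian's code: one long-lived reader on the error log (for instance attached with Apache's piped `ErrorLog "|/path/to/program"` form) that counts only mod_security denials per client and alerts once to syslog. The log line shape, the threshold and window values, and the names `Inspector` and `inspect` are assumptions made for the example.

```python
import re
import sys
from collections import defaultdict, deque
from datetime import datetime

# Assumed log shape: [date] [error] [client IP] mod_security: Access denied ...
ENTRY = re.compile(r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[0-9A-Fa-f.:]+)\] "
                   r"mod_security: Access denied")
TS_FORMAT = "%a %b %d %H:%M:%S %Y"

# Constructed sample input (documentation addresses), not real log data.
SAMPLE = [
    "[Mon Mar 06 12:00:01 2006] [error] [client 192.0.2.10] mod_security: Access denied with code 403.",
    "[Mon Mar 06 12:00:02 2006] [error] [client 192.0.2.77] File does not exist: /var/www/favicon.ico",
    "[Mon Mar 06 12:00:05 2006] [error] [client 192.0.2.10] mod_security: Access denied with code 403.",
    "[Mon Mar 06 12:00:09 2006] [error] [client 192.0.2.10] mod_security: Access denied with code 403.",
    "[Mon Mar 06 12:05:00 2006] [error] [client 192.0.2.77] mod_security: Access denied with code 403.",
]

class Inspector:
    """Counts mod_security denials per client inside a sliding time window."""
    def __init__(self, threshold=3, window=60):
        self.threshold, self.window = threshold, window
        self.hits = defaultdict(deque)   # client IP -> timestamps of recent denials
        self.flagged = set()             # clients already reported (alert once)

    def feed(self, line):
        """Return the client IP when this line takes it to the threshold, else None."""
        m = ENTRY.match(line)
        if not m:
            return None                  # ordinary error-log noise, not a denial
        try:
            ts = datetime.strptime(m["ts"], TS_FORMAT)
        except ValueError:
            return None                  # unparseable timestamp: skip, never crash
        q = self.hits[m["ip"]]
        q.append(ts)
        while (ts - q[0]).total_seconds() > self.window:
            q.popleft()                  # drop denials older than the window
        if len(q) >= self.threshold and m["ip"] not in self.flagged:
            self.flagged.add(m["ip"])
            return m["ip"]
        return None

def inspect(lines, **kw):
    insp = Inspector(**kw)
    return [ip for ip in map(insp.feed, lines) if ip]

if __name__ == "__main__":
    import syslog
    insp = Inspector()
    for line in sys.stdin:               # one process for all requests, no fork per hit
        if (ip := insp.feed(line)):
            syslog.syslog(syslog.LOG_WARNING, f"mod_security threshold reached for {ip}")
```

Because the threshold counts only denial entries, a proxy address carrying ordinary traffic is not flagged unless requests from it keep tripping rules within the window.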