Iptables rules I written previously does not matter ip origin even if it is a bogus one (as 1.1.1.1). Those rules prevents for service bursting. Try to use it and if it doesn't work delete it.
Kind regards

El 20/11/2013 15:09, "Jamie Riden" <jamie.riden@gmail.com> escribió:
On 20 November 2013 13:46, Winfried Neessen <neessen@cleverbridge.com> wrote:
> If limited to Apache/Application Layer, you might also want to check out
> mod_antiloris against Slowloris.
>
> http://mod-antiloris.sourceforge.net/

Thanks Jose, Winfried,

I'm afraid the web server is only seeing the internal NAT IP address
at that point, so I can do neither iptables nor mod_antiloris.

(For anyone reading this thread in future, the above are the sensible
way to go, if you can :)

thanks,
 Jamie
--
Jamie Riden / jamie@honeynet.org / jamie.riden@gmail.com
http://uk.linkedin.com/in/jamieriden

------------------------------------------------------------------------------
Shape the Mobile Experience: Free Subscription
Software experts and developers: Be at the forefront of tech innovation.
Intel(R) Software Adrenaline delivers strategic insight and game-changing
conversations that shape the rapidly evolving mobile landscape. Sign up now.
http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/