Re: [mod-security-users] mod_security
Brought to you by:
victorhora,
zimmerletw
From: <jm...@up...> - 2009-04-01 15:30:22
|
Thank you for your guidance Brian, Could you please let me know how to incorporate the X-forwarded field in the Rule and use the "if" condition. Thanks again... Regards, Jessy -----Original Message----- From: Brian Rectanus [mailto:Bri...@br...] Sent: Tuesday, March 31, 2009 6:50 PM To: Mathew Jessy (HCC1MJM) Cc: mod...@li... Subject: Re: [mod-security-users] mod_security Jessy Mathew wrote: > Hello, > > Could you please let me know if there is way in mod_security to > throttle requests based on IP with in a defined period of time. > eg. if the no. of requests from a particular ip address exceeds 90 > requests in a 5 minute interval, flag the ip address and blocks it for > 60 minutes. By default, the requests should be throttled based on > X-forwarded field Ip addresses. If x-forwarded field is not present, > throttle requests based on real client IP. > > Thanks in advance, > Jessy The archives are a good place to look for things like this... http://article.gmane.org/gmane.comp.apache.mod-security.user/3027 Watch out on the x-forwarded-for. Anyone can put any IP in there and could cause an arbitrary IP to be throttled. -B -- Brian Rectanus Breach Security |