Re: [mod-security-users] HTTPD Dos
From: Ivan R. <iv...@we...> - 2004-11-12 12:49:52
Gerwin Krist -|- Digitalus Webhosting wrote:
> Hello there,
>
> One of our servers is being ddossed (httpd based), 100ths of clients are
> trying to download 1 certain file. My question, is it possible
> to filter on the download and put the ip in an iptables rule?

Are the IP addresses constantly changing?

I wrote some scripts for the book, available here
http://www.apachesecurity.net/, that might be able to protect you
automatically from that sort of attack.

The blacklist script is a dynamic iptables firewall. You can tell it
which IP address to block and for how long.

The apache-protect script will watch mod_status output and count the
number of identical requests coming from one IP address and invoke
the blacklist script to ban the addresses that reach the threshold.

Finally, blacklist-webclient can be invoked from mod_security via the
exec action, if you so wish.

Just be careful not to block legitimate users :)

--
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]
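The counting step described in the reply above (identical requests per client IP in mod_status output, compared against a threshold), as an added Python example; it is not the apache-protect script or any code from the book. The status table is constructed sample data, and the column layout, function names, threshold and allowlist are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed sample modelled on the mod_status ExtendedStatus worker table.
# Assumed layout: cell 3 = mode (M), last three cells = client, vhost, request.
def _row(mode, client, request):
    cells = ["0-0", "4012", "0/3/3", mode, "0.01", "1", "0", "0.0", "0.02",
             "0.02", client, "www.example.test", request]
    return "<tr>" + "".join(f"<td>{c}</td>" for c in cells) + "</tr>"

BIG = "GET /files/big.iso HTTP/1.1"
SAMPLE_STATUS = "\n".join(
    [_row("W", "192.0.2.10", BIG)] * 6        # over the threshold
    + [_row("W", "192.0.2.20", BIG)] * 2      # ordinary client
    + [_row("_", "192.0.2.30", BIG)] * 9      # idle slots still show old requests
    + [_row("W", "198.51.100.7", BIG)] * 8    # known-good host (allowlisted)
    + [_row("W", "192.0.2.40", "GET /index.html HTTP/1.1")]
)

ROW_RE = re.compile(r"<tr>(.*?)</tr>", re.S)
CELL_RE = re.compile(r"<td[^>]*>(.*?)</td>", re.S)
TAG_RE = re.compile(r"<[^>]+>")

def active_requests(html):
    """Yield (client, request) for workers that are sending a reply right now."""
    for row in ROW_RE.findall(html):
        cells = [TAG_RE.sub("", c).strip() for c in CELL_RE.findall(row)]
        # Skip header/short rows and idle slots, whose request field is stale.
        if len(cells) >= 13 and cells[3] == "W":
            yield cells[-3], cells[-1]

def offenders(html, threshold, allowlist=()):
    """Return {ip: (request, count)} for IPs at or above the threshold."""
    found = {}
    for (client, request), n in Counter(active_requests(html)).items():
        if n < threshold or client in allowlist:
            continue  # the allowlist guards against blocking legitimate users
        if client not in found or n > found[client][1]:
            found[client] = (request, n)
    return found

if __name__ == "__main__":
    for ip, (req, n) in offenders(SAMPLE_STATUS, 5, {"198.51.100.7"}).items():
        # Reported for review; the blacklist script's interface is not shown in the post.
        print(f"{ip}: {n} x {req!r} -> candidate for a timed block")
```

Counting only workers in the `W` state keeps idle scoreboard slots, which still display the last request they served, from inflating a client's total.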