Re: [mod-security-users] mod_security throttling?

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

> I'm trying to find a way to block the bulk of Movable Type  comment spam at
> the apache level, rather than at the weblog level. Is mod_security capable
> of any kind of throttling, i.e. more than a given number of requests on a
> single script per  time interval get dropped? Or is this a job for
> mod_dosevasive?

   mod_dosevasive can do it but it works on per-process level. There's
   no security-aware throttling module available for Apache that I'm
   aware. ModSecurity 2.x will be.

   What rate of comment spam are you getting? There's a script called
   apache-protect (http://www.apachesecurity.net), which monitors
   mod_status output to detect too many requests for the same URL. It
   then uses iptables to ban the offending IP address.

-- 
Ivan Ristic (http://www.modsecurity.org)