Re: [mod-security-users] Automatically Add to Deny Hosts
From: Ivan R. <iv...@we...> - 2006-02-16 12:42:18
Achim Hoffmann wrote:
> On Thu, 16 Feb 2006, Ivan Ristic wrote:
> !! John Thomas wrote:
> !! > Is there a way to automagically add these *&*&^ to my host.deny file?
> !!
> !! Not without a little bit of work: you could configure SEC (Simple Event
> !! Correlator) to watch the error log and act on the information seen there.
>
> hmm, should be simple with using mod_security's exec action, which calls a
> script to manage those IPs and add/remove the corresponding firewall rules.
> I'd never recommend to do that 'cause it most likely ends up in a performance
> nightmare

Correct, that's why I recommended the use of SEC in the first place :)

> (beside the additional work to do to remove the firewall rules)

Both "blacklist" and SnortSam (I believe) are capable of blacking IP
addresses for a limited period only.

--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
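
Added example, not part of the original message and not code from ModSecurity, SEC or SnortSam: a sketch of the out-of-band approach discussed in the thread, where a separate process reads the error log, blocks a client only after repeated denials, and lets each block lapse on its own after a limited period. The error-log line shape, the `DenyTracker` name, the thresholds and the sample addresses are all assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumed error-log shape for a mod_security denial (constructed for this example).
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\] "
    r"mod_security: Access denied")
TS_FORMAT = "%a %b %d %H:%M:%S %Y"

class DenyTracker:
    """Counts denials per client and keeps time-limited blocks (hypothetical helper)."""
    def __init__(self, threshold=3, window=timedelta(seconds=60),
                 block_for=timedelta(minutes=10)):
        self.threshold, self.window, self.block_for = threshold, window, block_for
        self.hits = {}     # ip -> denial timestamps still inside the window
        self.blocked = {}  # ip -> time at which the block lapses

    def expire(self, now):
        """Release blocks whose time is up, so nothing has to be removed by hand."""
        for ip in [ip for ip, until in self.blocked.items() if until <= now]:
            del self.blocked[ip]

    def feed(self, line):
        """Process one log line; return ("block", ip, expiry) when the threshold is hit."""
        m = LINE_RE.match(line)
        if not m:
            return None
        now, ip = datetime.strptime(m.group("ts"), TS_FORMAT), m.group("ip")
        self.expire(now)
        if ip in self.blocked:
            return None
        recent = [t for t in self.hits.get(ip, []) if now - t < self.window] + [now]
        self.hits[ip] = recent
        if len(recent) < self.threshold:
            return None
        del self.hits[ip]
        self.blocked[ip] = now + self.block_for
        return ("block", ip, self.blocked[ip])

    def hosts_deny(self):
        """Render the active blocks as hosts.deny-style lines."""
        return [f"ALL: {ip}" for ip in sorted(self.blocked)]

# Constructed sample input: (time, client) pairs expanded into log lines.
SAMPLE_LOG = [f"[Thu Feb 16 {t} 2006] [error] [client {ip}] mod_security: Access denied with code 403."
              for t, ip in [("12:40:01", "192.0.2.10"), ("12:40:05", "198.51.100.7"),
                            ("12:40:10", "192.0.2.10"), ("12:40:20", "192.0.2.10"),
                            ("12:40:25", "192.0.2.10"), ("12:51:00", "198.51.100.7")]]
```

Because the tracker runs outside the web server and takes its clock from the log timestamps, request handling never waits on it, and expiry happens as a side effect of reading later lines.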