Re: [mod-security-users] Ideas for future features..
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Ideas for future features..
|
From: Zach R. <ad...@li...> - 2006-02-26 02:04:47
|
Ivan Ristic wrote: >Zach Roberts wrote: > > >>Ivan Ristic wrote: >> >> >> >>>Zach Roberts wrote: >>> >>> >>> >>> >>>>I apologize for being absent for most of the discussion. My schedule has >>>>been quite full lately. >>>> >>>>I have been using a forked mod_access_rbl for about a year now. While I >>>>don't use it to scan every request that comes in I do use it to control >>>>access to two or three files that are accessed quite a bit. For these >>>>three files I am using seven different blacklists and I've noticed no >>>>drop in performance. >>>> >>>> >>>> >>> Without a local cache? >>> >>> >>> >>Just a local DNS cache. >> >> > > Just to double-check: and by that you mean the cache that's in the > libresolve library, not a local caching DNS server? > > > > I meant a local caching DNS server. >>> BTW, even now you can have protection better than with mod_evasive >>> using httpd-guardian (http://www.apachesecurity.net/tools/). And, >>> in terms of performance, probably faster than what will be available >>> in ModSecurity v2.0. >>> >>> >>> >>I'll look at it. It might prove useful. >> >> > > I am looking for testers. You can even cluster it using Spread. > > > > I'll try to look at it within the next week as I get time. >>>>If the functionality works with Frontpage too (mod_evasive >>>>does not) it will be all that much better. >>>> >>>> >>>> >>> That's interesting. What is the problem with FrontPage? >>> >>> >>> >>It interferes with publishing content via port 80. >> >> > > I meant to ask if you had any specific knowledge of how > FrontPage triggers mod_evasive. Does it perform too many > request in a short period of time? Anything that would help > me avoid the problem ;) > > > When I wrote that I meant that the method it uses to detect incoming DoS attacks interferes with Frontpage's operation. Most likely the reason being that it sees Frontpage's requests as a DoS due to the amount of connections Frontpage uses to publish. Zach |
