[mod-security-users] tarpit rule?
Brought to you by:
victorhora,
zimmerletw
From: David O. <da...@cr...> - 2006-12-08 09:04:09
|
Dear all, I'm currently using mod-security 1.9.2 on a debian sarge server. Since yesterday I'm under strange DoS attacks: Hundreds of hosts (mostly from asia) are sending "GET / HTTP/1.0." to a website. They all come without a User Agent but with the same referrers (actually it's five different referrers). I created a rule based on the referrers to drop their requests, like SecFilterSelective HTTP_Referer|ARGS "bad\.referrer\.com" I'm wondering whether it would be possible to create a kind of tarpit rule, so requesting host with these referrers would get slowed down? Regards, David -- The day microsoft makes something that doesn't suck is the day they start making vacuum cleaners. gpg --keyserver pgp.mit.edu --recv-keys 1920BD87 Key fingerprint = 3326 32CE 888B DFF1 DED3 B8D2 105F 29CB 1920 BD87 |