On Thu, Oct 21, 2010 at 5:40 PM, Kai Witzke <security (at) gaark (dot) de [email concealed]> wrote:
> Hey everybody!
>
> I have some serious problems with flooding attacks to my apache2. No
> problems with logins oder syn floods, just a huge amount of simple
> requests to my server from the same ip. Anyone got a nice howto on that
> or maybe a nice regex prepared for counting such requests and blocking
> the greedy ones?
Hi Kai,
Take a look at ModSecurity's SecGuardianLog. You set a threshold in
httpd-guardian.pl and use blacklist to block the IP. Another native
ModSecurity option is detailed here:
https://secure.jwall.org/blog/2009/07/19/1248004300834.html
--
- Josh
This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
> Hey everybody!
>
> I have some serious problems with flooding attacks to my apache2. No
> problems with logins oder syn floods, just a huge amount of simple
> requests to my server from the same ip. Anyone got a nice howto on that
> or maybe a nice regex prepared for counting such requests and blocking
> the greedy ones?
Hi Kai,
Take a look at ModSecurity's SecGuardianLog. You set a threshold in
httpd-guardian.pl and use blacklist to block the IP. Another native
ModSecurity option is detailed here:
https://secure.jwall.org/blog/2009/07/19/1248004300834.html
--
- Josh
This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
[ reply ]