I'd think there'd be a way you could do this programatically with a filter. Though you'd need some way to notify your firewall to block the offending IP, and perhaps you don't have an actual firewall running.
Then again, you could have another filter that rejects requests from listed IPs that your first filter writes to. :) I know, it's not an automatic feature; I'm just thinking out loud that it probably wouldn't be very hard to implement something that would do the job. Rob On Jul 21, 2010, at 12:47 , Aaron Freeman wrote: > Jon, > > Right, so far that's been our tact. This one particular attack is a bit > annoying because it's inflating our logs. > > I was just curious if this was a capability within Resin. We wouldn't > take the time to write a custom tag or anything like that to stop it. > > Aaron > > > On 7/21/2010 10:27 AM, Jon Stevens wrote: >> Having run very very large porn sites for a number of years, I've seen >> all sorts of automated 'attacks' like that. If you don't have anything >> responding to those url's, then you don't have any problems. =) >> >> Anyway, why bother? Just ignore it. I'm sure you have better things to >> do with your time than play whack-a-mole. >> >> jon >> >> On Wed, Jul 21, 2010 at 7:14 AM, Aaron Freeman<aaron.free...@layerz.com> >> wrote: >> >>> Just wondering if anybody has ever worked through a scenario where you >>> could automatically firewall off an IP address that requested a >>> "poisoned" URL? >>> >>> There is an attacker continuously scanning all of our servers for a >>> specific URL, but from several different IPs. It would be nice to be >>> able to automatically firewall them off. >>> >>> Has anybody done anything like that before? >>> >>> Thanks, >>> >>> Aaron >>> _______________________________________________ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest
