My approach would be to filter urls longer than the longest legitimate URL before they got to my servers. My weapon of choice would be a Squid reverse proxy.
-- Cary Gordon The Cherry Hill Company http://chillco.com On Aug 8, 2008, at 9:00 AM, Terry Ford wrote: > Our server has now logged 51,000 attack requests in the last 4 hours. > > 160,000 attacks in the past 24 hours. > > I suspect we are getting hit so hard because we have hundreds of > thousands of pages in Google. > > In short, these attacks are starting to grow very quickly in > intensity. > > We are redirecting them away from CF with mod_rewrite, so CURRENTLY > there is no major problem. > > My concern is what we are to do if these attacks keep growing at the > current rate, and we end up taking in MILLIONS of requests an hour a > day or two from now. Does anyone know of any solution? > > Our ISP has a firewall product (Cisco ASA firewall), but it deals on > the packet level only. It has no visibility into URLs, so we have > no way right now to filter traffic based on URL parameters. > > Any ideas on what we are to do should things continue to worsen? > Archive: > http://www.houseoffusion.com/groups/CF-Linux/message.cfm/messageid:4427 > Subscription: http://www.houseoffusion.com/groups/CF-Linux/subscribe.cfm > Unsubscribe: > http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=305.286.14 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Linux/message.cfm/messageid:4430 Subscription: http://www.houseoffusion.com/groups/CF-Linux/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.14
