I am not sure what is appropriate, given netiquette and practicality for my server. I am sick of thousands of identical requests in my error log, plus I want to be able to look over my logs easily to find any real problems.

Below is a copy of the question I sent to modp...@perl.apache.org. So far they have never answered any questions I have asked.

Right now I am using a simple script from the error log to block permanently any requests from that IP using OpenBSD pf. That simply doesn't work well enough anymore due to the time lag between 20+ requests at once getting to the log file. OpenBSD no longer uses Apache 1 so I am going to move to Apache 2 and study how to make the changes, so now is a great time for me to move in anything new that I haven't used before.

Right now I have a list of regexes for attack URLs and requests for anything with cgi or php in them, which I don't use. At first glance, it seems to me that setting up a filter to use to block anything in my ever-growing list seems appropriate. Right or wrong? If that's right, what should I do to these requests?

I would prefer to not build up a set of IP addresses to block since they may be forged addresses and a real user might get blocked later on. Plus, I occasionally screw up and block my own IP address so I keep an SSH session open before experimenting. Or am I looking at this wrong?

Any help appreciated.

Chris Bennett
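
One way to apply a regex list like the one described above inside the request cycle rather than from the error log, as an added example that is not part of the original post: a mod_perl 2 access handler for Apache 2. The package name `My::BlockProbes`, the sample patterns, and the choice of a 403 response are assumptions.

```perl
package My::BlockProbes;    # hypothetical module name, not from the post

use strict;
use warnings;

use Apache2::RequestRec ();
use Apache2::Const -compile => qw(FORBIDDEN OK);

# Assumed httpd.conf wiring for this example:
#   PerlModule My::BlockProbes
#   <Location />
#       PerlAccessHandler My::BlockProbes
#   </Location>

# Constructed sample patterns standing in for the poster's list
# (requests containing cgi or php, which the site does not serve).
my @PATTERNS = (
    qr{\.php\d?(?:[/?]|$)}i,
    qr{\.cgi(?:[/?]|$)}i,
    qr{(?:^|/)cgi(?:-bin)?(?:/|$)}i,
);

# Join the list into one alternation, compiled once when the module loads.
# Each qr// keeps its own flags when interpolated.
my $BLOCK = do { my $alt = join '|', @PATTERNS; qr/$alt/ };

# True if either form of the request target matches the list.
sub is_probe {
    my ($path, $raw) = @_;
    return ( $path =~ $BLOCK || $raw =~ $BLOCK ) ? 1 : 0;
}

sub handler {
    my $r = shift;

    # uri() is the path as Apache parsed it; unparsed_uri() is the
    # request target as sent, including any query string.
    return Apache2::Const::FORBIDDEN
        if is_probe( $r->uri, $r->unparsed_uri );

    # Not on the list: let the remaining request phases run normally.
    return Apache2::Const::OK;
}

1;
```

The decision is made per request from the URL alone, so no IP address list is built and there is no delay waiting for entries to reach the log file.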