RE: Dynamically banning hosts
Hi Mustafa -- Is it possible to dynamically ban IP addresses using mod_perl. Like even the first connection from the specified ip will be rejected. I know that you can do this using httpd.conf but I am wondering how to do the same dynamically while Apache is running. Yes, it is possible with mod_perl. You can create a PerlAccessHandler which allows or denies access for a particular client based on some logic. The Access phased is the appropriate place for such a handler. Also how can I cope with denial of service attacks? I know there is no general solution to this, but is there a particular technique to ease the problem. The environment is one host that serves small number of people with a very limited bandwidth. I don't know of any particular CPAN module which would detect a DOS attack. There have been a few specialized modules, such as Apache::CodeRed, but I don't think that's what you're looking for. If you can define the nature of the attack, you can write code to defend against it. Mod_perl can definitely allow you to add logic at the right time to implement such a defense. Warmest regards, -Jesse- -- Jesse Erlbaum The Erlbaum Group [EMAIL PROTECTED] Phone: 212-684-6161 Fax: 212-684-6226
RE: Dynamically banning hosts
Hi there, On Sat, 12 Jul 2003, Jesse Erlbaum wrote: Is it possible to dynamically ban IP addresses using mod_perl. Yes, it is possible with mod_perl. You can create a PerlAccessHandler In addition to Jesses's comments, I'd suggest that you might want to look at firewalling techniques to eliminate the requests before they ever reach your server. If your mod_perl server is doing the access denial, then there has already been a lot of processor activity wasted on the attack. Something like IPCop is freely available, easy to configure (if you avoid pitfalls with multiple Ethernet cards being shuffled:) and very effective. But there is no easy solution to a determined DOS attack on an open IP. 73, Ged.
must I use mod-perl
When must I to use mod_perl? It is necessary? B.