Hi all... I hope any can give me a suggestion about how to block this kind of request in my apache web server...
[Wed Apr 22 15:22:32 2009] [error] [client 10.10.10.10] Invalid URI in request GET HTTP/1.1 I have a lot of these requests per second, from the same IP, I think this is a kind of virus or malware trying to contact the server. After a few minutes the IP change and start the same behavior. I compiled and installed mod_evasive module which worked fine but it doesnt block the IPs doing the request, cause in the request there is not a specfic object or page, so the mod_evasive can no detect and block the ips. Im thinking create a script that read the log file and insert a rule in the firewall to block this requests, but I wanna ask here before, maybe somebody have had the same problem before. Any suggestion ? Thanks.
