On 14-Nov-2009, at 08:24, kofal...@umn.edu wrote: > What would would be perfect is a module that watches for conditions like > these, and if they trigger, drops requests from that IP for the next 24 > hours. For example. if anybody requests "phpmyadmin" at all, I don't want the > server to even respond (just drop the request, no 404) for awhile, even to > legitimate requests. Preferably, it would also log the block action as well.
The simplest option is using IPTABLES to setup a rule (we used to do this for SSH). fail2ban might be an option for you. It has nothing to do with apache specifically, but it looks for these sorts of massive floods and then bans the IP from the server. I'm pretty sure it has a WWW/apache module for apache (I use it for sash and smtp intrusion as I've not noticed the trouble you describe). Be aware that the default values might seem rather strict to some people. 5 failures in 10 minutes equals a two week ban. It's possible that fail2ban is only working on AUTH/LOGIN failures though. Still, should get you started, I guess. I started here: <http://eportfolio.research.iat.sfu.ca/wiki/index.php?title=HOWTO_Setup_fail2ban> -- 'There's Mr Dibbler.' 'What's he selling this time?' 'I don't think he's trying to sell anything, Mr Poons.' 'It's that bad? Then we're probably in lots of trouble.' --Reaper Man --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
