Then redirect your error pages in the same way too.

On Feb 7, 2012 5:05 AM, "Andrew Hester" <andrew.hes...@mouser.com> wrote:
> Thanks for your reply.
>
> I could and I have written a small webserver in Python as a test as well.
> Of course with this I will have to duplicate the functionality of
> mod_evasive also in my code.
>
> I am not sure that this benefits me though, because I think that either
> web server will respond with 404’s and 500’s on error. The webserver I
> wrote takes the connection and parses info and does not respond with
> content, but if I telnet the port and create an error, I see an error
> message even though it isn’t part of the code I wrote (it must be in the
> library I used). I believe that I will have the same issue with httpd.
>
> I have a web application firewall that uses mod_security + ? and it is
> capable of being deployed in this manner. It receives traffic on a span
> port (mirrored traffic) and it does not respond to the traffic. It is very
> much like an IDS would consume the traffic but not think that the
> traffic was really destined for itself and try to serve content. It has
> other interfaces on other subnets for logging, alerting, etc. but does not
> try to serve the web content requested (as far as I know – have put a
> sniffer on it).
>
> Am I missing something?
>
> Thanks,
> Andy
>
> From: Igor Cicimov [mailto:icici...@gmail.com]
> Sent: Friday, February 03, 2012 11:30 PM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Configure httpd not to send responses
>
> How about redirecting all the traffic to a cgi script that does nothing?
> Or it might be a script that parses the headers and creates some stats
> files for you.
>
> On Feb 4, 2012 5:11 AM, "Andrew Hester" <andrew.hes...@mouser.com> wrote:
>
> Hello,
>
> I would like to use httpd with mod_remoteip and mod_evasive to provide
> some DoS response for my site. I might later use mod_security for other
> rules as well. Because of many reasons the httpd server will not be
> inline, but instead I intend to mirror traffic to the server for analysis.
>
> So, I won’t have any content on the server and do not want 400 or 500
> errors going back to the client but I do want to analyze the requests. I
> will use a script to create firewall rules when DoS rules are triggered.
>
> I have not been able to find any docs on this and I’m not sure what the
> common terminology is for this configuration. Any tips on how to prevent
> this honeypot-ish server from responding back to real clients would be
> appreciated.
>
> Thanks,
> Andy
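The "cgi script that does nothing" but parses headers and writes stats, suggested in the thread, could look like the following. This is an added example, not code from any poster; the stats file path, the window and the request limit are assumed values, and the function names are hypothetical.

```python
#!/usr/bin/env python3
"""Do-nothing CGI sink: log request metadata, flag noisy clients, reply empty."""
import json
import os
import sys
import time

STATS_FILE = os.environ.get("SINK_STATS", "/tmp/sink_stats.jsonl")  # assumed path
WINDOW_SECONDS = 10  # assumed values, tune for the site
MAX_REQUESTS = 50

def record(environ, now, stats_file=STATS_FILE):
    """Append one JSON line describing the request and return the record."""
    entry = {
        "ts": now,
        "ip": environ.get("REMOTE_ADDR", "-"),
        "method": environ.get("REQUEST_METHOD", "-"),
        "uri": environ.get("REQUEST_URI", "-"),
        # CGI exposes request headers as HTTP_* environment variables
        "headers": {k[5:]: v for k, v in environ.items() if k.startswith("HTTP_")},
    }
    with open(stats_file, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(entry) + "\n")
    return entry

def noisy_clients(stats_file, now, window=WINDOW_SECONDS, limit=MAX_REQUESTS):
    """Return IPs with more than `limit` requests in the last `window` seconds."""
    counts = {}
    with open(stats_file, encoding="utf-8") as fh:
        for line in fh:
            try:
                entry = json.loads(line)
            except ValueError:
                continue  # skip a line another process is still writing
            if now - entry["ts"] <= window:
                counts[entry["ip"]] = counts.get(entry["ip"], 0) + 1
    return sorted(ip for ip, n in counts.items() if n > limit)

def main():
    now = time.time()
    record(os.environ, now)
    for ip in noisy_clients(STATS_FILE, now):
        print(f"over-limit {ip}", file=sys.stderr)  # CGI stderr goes to the httpd error log
    # Minimal CGI reply: headers only, no body
    sys.stdout.write("Status: 204 No Content\r\nContent-Type: text/plain\r\n\r\n")

if __name__ == "__main__":
    main()
```

The over-limit lines are the kind of output a firewall-rule script, like the one Andy describes, could consume.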