I would like to write a short real-time PHP program to detect unusual or malicious access patterns to httpd under all OSs for the usual methods, such as GET and POST, the goal being to protect authentication procedures from being repeatedly tested by unauthorized visitors to websites.

My understanding is that Apache generates a pool of worker processes to handle remote accesses to the server, so that accesses are processed efficiently and possibly concurrently if the OS supports process concurrency.

So, I'm afraid if I simply write a PHP function that gets called at the start of displaying the home page of a website, it will intercept only a subset of the remote accesses, which would be insufficient for analyzing access patterns.

Is there a way to have a piece of efficient real-time PHP code stay in memory (for efficiency, so its code and database can be resident in memory) and be called for every remote IP access? Its results (a short, often updated IP blacklist) could be sent to the website through a slower route or could be used right there in the real-time PHP code to block the access.

David Spector
Springtime Software

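The concern above is that state kept by one worker process is invisible to the others. As an added example (not part of the original post), here is one way to keep a per-IP failure count that every worker sees: a small state file guarded by `flock()`. The function name, state-file location and thresholds are hypothetical.

```php
<?php
// Added example (not from the original post). Function name, state-file
// location and thresholds are hypothetical.

// Record one failed login for $ip and report whether the IP is now blocked.
// The state file is shared by all httpd worker processes; flock() serialises
// access so concurrent workers do not lose each other's updates.
function record_failed_login(string $ip, string $stateFile, int $now,
                             int $window = 300, int $maxFailures = 5): bool
{
    $fh = fopen($stateFile, 'c+');          // create if missing, do not truncate
    if ($fh === false) {
        throw new RuntimeException("cannot open $stateFile");
    }
    try {
        if (!flock($fh, LOCK_EX)) {         // waits until other workers release
            throw new RuntimeException("cannot lock $stateFile");
        }
        $state = json_decode(stream_get_contents($fh) ?: '{}', true);
        if (!is_array($state)) {
            $state = [];                    // unreadable contents: start over
        }
        $state[$ip][] = $now;
        // Sliding window: drop old timestamps, and IPs with none left.
        foreach ($state as $addr => $times) {
            $recent = array_values(array_filter($times, fn($t) => $t > $now - $window));
            if ($recent) { $state[$addr] = $recent; } else { unset($state[$addr]); }
        }
        rewind($fh);
        ftruncate($fh, 0);
        fwrite($fh, json_encode($state));
        fflush($fh);
        return count($state[$ip] ?? []) >= $maxFailures;
    } finally {
        flock($fh, LOCK_UN);
        fclose($fh);
    }
}

// Constructed demo: six failures from one documentation-range address.
$file = tempnam(sys_get_temp_dir(), 'authfail');
$t0 = 1700000000;
for ($i = 1; $i <= 6; $i++) {
    $blocked = record_failed_login('203.0.113.7', $file, $t0 + $i);
    echo "attempt $i blocked=" . ($blocked ? 'yes' : 'no') . PHP_EOL;
}
unlink($file);
```

A login handler would call this on each failed authentication and refuse further attempts from the address once it returns true.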