WebApp Sec mailing list archives
Re: fail2ban
From: Jamuse <jamuse () gmail com>
Date: Tue, 26 Oct 2010 06:09:11 +0200
On Thu, Oct 21, 2010 at 5:40 PM, Kai Witzke <security () gaark de> wrote:
Hey everybody! I have some serious problems with flooding attacks to my apache2. No problems with logins oder syn floods, just a huge amount of simple requests to my server from the same ip. Anyone got a nice howto on that or maybe a nice regex prepared for counting such requests and blocking the greedy ones?
Hi Kai, Take a look at ModSecurity's SecGuardianLog. You set a threshold in httpd-guardian.pl and use blacklist to block the IP. Another native ModSecurity option is detailed here: https://secure.jwall.org/blog/2009/07/19/1248004300834.html -- - Josh This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
Current thread:
- fail2ban Kai Witzke (Oct 25)
- Re: fail2ban Adrian J Milanoski (Oct 25)
- Re: fail2ban Ryan Dewhurst (Oct 26)
- Re: fail2ban primehaxor (Oct 26)
- Re: fail2ban Ryan Dewhurst (Oct 26)
- Re: fail2ban Jamuse (Oct 26)
- Re: fail2ban Rafel Ivgi (Oct 26)
- Re: fail2ban Dale Stirling (Oct 26)
- RE: fail2ban Perry B. Whelan (Oct 26)
- Re: fail2ban robert (Oct 28)
- Re: fail2ban Adrian J Milanoski (Oct 28)
- <Possible follow-ups>
- Re: fail2ban Alexandro Silva (Oct 31)
- Re: fail2ban Adrian J Milanoski (Oct 25)