Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.os.linux.security > #312
| From | Sandman <mr@sandman.net> |
|---|---|
| Newsgroups | comp.os.linux.security |
| Subject | Re: Blocking client based on HTTP request |
| Date | 2013-05-24 21:11 +0200 |
| Message-ID | <mr-897606.21112624052013@News.Individual.NET> (permalink) |
| References | <mr-CA16B8.15073524052013@News.Individual.NET> <bto47a-45c.ln1@llondel.org> |
In article <bto47a-45c.ln1@llondel.org>, David Hough <noone$$@llondel.org> wrote: > Sandman wrote: > > > So, as my other thread may suggest, I have problems with users flooding > > my server with requests for /wpad.dat > > > > Is there an easy way to use iptables to trigger on those requests and > > then add the IP to a blacklist? > > > Try fail2ban <http://www.fail2ban.org> as one possible candidate. > > I've not yet tried to use it but it's on my to-do list. I looked at it earlier, it seems to be a clinet/server (why?) solution to add rules to iptables. I did that myself instead by using a script to parse the last 1000 rows of the httpd log file, find the unique hosts that are requesting the wpad.dat file and thern adding them to a blacklist file, and then add them to an iptable block. The file now contain 4802 unique spamming hosts, and I'm a bit worried about iptables being too burdoned by so many firewall rules. -- Sandman[.net]
Back to comp.os.linux.security | Previous | Next — Previous in thread | Find similar
Blocking client based on HTTP request Sandman <mr@sandman.net> - 2013-05-24 15:07 +0200
Re: Blocking client based on HTTP request David Hough <noone$$@llondel.org> - 2013-05-24 19:42 +0100
Re: Blocking client based on HTTP request Sandman <mr@sandman.net> - 2013-05-24 21:11 +0200
csiph-web