| Path | csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!eu.feeder.erje.net!news-1.dfn.de!news.dfn.de!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail |
|---|---|
| From | Sandman <mr@sandman.net> |
| Newsgroups | comp.os.linux.security |
| Subject | Re: Blocking client based on HTTP request |
| Date | Fri, 24 May 2013 21:11:26 +0200 |
| Lines | 31 |
| Message-ID | <mr-897606.21112624052013@News.Individual.NET> |
| References | <mr-CA16B8.15073524052013@News.Individual.NET> <bto47a-45c.ln1@llondel.org> |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset=UTF-8 |
| Content-Transfer-Encoding | 7bit |
| X-Trace | individual.net AZxn415x2NikPIgjWMLZYgsypgsnY/2lr8x8GrH38kghpgq2E= |
| X-Orig-Path | mr |
| Cancel-Lock | sha1:O7qlg9nwrBSNWGnErWxkYsZNqH4= |
| User-Agent | MT-NewsWatcher/3.5.2 (Intel Mac OS X) |
| X-Killfiled | yttrx, gallopinginsanity.com, Mark Kent, Maverick, Nasht.n, NRen2, MuahMan, weedhopper, PC Guy, Brian, nospam@nospam.com, Oxford, Jim Lee Jr., Mocassin Joe, zara, Chance Furlong, Robert Whelan, jt2002a@hotmail.com |
| Xref | csiph.com comp.os.linux.security:312 |
In article <bto47a-45c.ln1@llondel.org>,
 David Hough <noone$$@llondel.org> wrote:

> Sandman wrote:
>
> > So, as my other thread may suggest, I have problems with users flooding
> > my server with requests for /wpad.dat
> >
> > Is there an easy way to use iptables to trigger on those requests and
> > then add the IP to a blacklist?
> >
> Try fail2ban <http://www.fail2ban.org> as one possible candidate.
>
> I've not yet tried to use it but it's on my to-do list.

I looked at it earlier, it seems to be a client/server (why?) solution to
add rules to iptables.

I did that myself instead by using a script to parse the last 1000 rows
of the httpd log file, find the unique hosts that are requesting the
wpad.dat file and then adding them to a blacklist file, and then add
them to an iptable block.

The file now contains 4802 unique spamming hosts, and I'm a bit worried
about iptables being too burdened by so many firewall rules.

-- 
Sandman[.net]
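An added example, not the poster's script: the procedure described in the post (scan the last 1000 log lines, collect the unique hosts requesting /wpad.dat, merge them into a blacklist), with the result rendered as input for an ipset hash set so that a single iptables rule covers every entry. That goes beyond the post, which adds one iptables rule per host. The set name `wpad_block`, the common/combined log format and the sample log lines are assumptions.

```python
import ipaddress
import re
from collections import deque

# Common/combined log format (assumed): client first, request line in quotes.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)[^"]*"')

def wpad_clients(lines, tail=1000, path="/wpad.dat"):
    """Unique client IPs in the last `tail` lines that requested `path`."""
    hosts = set()
    for line in deque(lines, maxlen=tail):
        m = LOG_RE.match(line)
        if not m or m.group(2).split("?", 1)[0] != path:
            continue
        try:
            # Accept literal IPv4 addresses only; skip hostnames and junk.
            hosts.add(str(ipaddress.IPv4Address(m.group(1))))
        except ValueError:
            pass
    return hosts

def ipset_restore(blacklist, new_hosts, set_name="wpad_block"):
    """Merge hosts into the blacklist; render input for `ipset -exist restore`."""
    merged = sorted(set(blacklist) | set(new_hosts), key=ipaddress.IPv4Address)
    out = [f"create {set_name} hash:ip family inet maxelem 65536"]
    out += [f"add {set_name} {ip}" for ip in merged]
    return merged, "\n".join(out) + "\n"

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [24/May/2013:21:00:01 +0200] "GET /wpad.dat HTTP/1.1" 404 209',
    '198.51.100.7 - - [24/May/2013:21:00:02 +0200] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.10 - - [24/May/2013:21:00:03 +0200] "GET /wpad.dat HTTP/1.1" 404 209',
    '198.51.100.23 - - [24/May/2013:21:00:04 +0200] "GET /wpad.dat?x=1 HTTP/1.0" 404 209',
    'badhost.example - - [24/May/2013:21:00:05 +0200] "GET /wpad.dat HTTP/1.1" 404 209',
    'not a log line',
]

if __name__ == "__main__":
    # "203.0.113.5" stands in for an entry already in the blacklist file.
    merged, restore = ipset_restore(["203.0.113.5"], wpad_clients(SAMPLE))
    print(restore, end="")
    # Load the output with:  ipset -exist restore < file
    # One rule then matches the whole set, however many hosts it holds:
    #   iptables -I INPUT -m set --match-set wpad_block src -j DROP
```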