Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.os.linux.security > #296 > unrolled thread

Blocking client based on HTTP request

Started bySandman <mr@sandman.net>
First post2013-05-24 15:07 +0200
Last post2013-05-24 21:11 +0200
Articles 3 — 2 participants

Back to article view | Back to comp.os.linux.security


Contents

  Blocking client based on HTTP request Sandman <mr@sandman.net> - 2013-05-24 15:07 +0200
    Re: Blocking client based on HTTP request David Hough <noone$$@llondel.org> - 2013-05-24 19:42 +0100
      Re: Blocking client based on HTTP request Sandman <mr@sandman.net> - 2013-05-24 21:11 +0200

#296 — Blocking client based on HTTP request

FromSandman <mr@sandman.net>
Date2013-05-24 15:07 +0200
SubjectBlocking client based on HTTP request
Message-ID<mr-CA16B8.15073524052013@News.Individual.NET>
So, as my other thread may suggest, I have problems with users flooding 
my server with requests for /wpad.dat

Is there an easy way to use iptables to trigger on those requests and 
then add the IP to a blacklist?

-- 
Sandman[.net]

[toc] | [next] | [standalone]


#311

FromDavid Hough <noone$$@llondel.org>
Date2013-05-24 19:42 +0100
Message-ID<bto47a-45c.ln1@llondel.org>
In reply to#296
Sandman wrote:

> So, as my other thread may suggest, I have problems with users flooding
> my server with requests for /wpad.dat
> 
> Is there an easy way to use iptables to trigger on those requests and
> then add the IP to a blacklist?
> 
Try fail2ban <http://www.fail2ban.org> as one possible candidate.

I've not yet tried to use it but it's on my to-do list.

Dave

[toc] | [prev] | [next] | [standalone]


#312

FromSandman <mr@sandman.net>
Date2013-05-24 21:11 +0200
Message-ID<mr-897606.21112624052013@News.Individual.NET>
In reply to#311
In article <bto47a-45c.ln1@llondel.org>,
 David Hough <noone$$@llondel.org> wrote:

> Sandman wrote:
> 
> > So, as my other thread may suggest, I have problems with users flooding
> > my server with requests for /wpad.dat
> > 
> > Is there an easy way to use iptables to trigger on those requests and
> > then add the IP to a blacklist?
> > 
> Try fail2ban <http://www.fail2ban.org> as one possible candidate.
> 
> I've not yet tried to use it but it's on my to-do list.

I looked at it earlier, it seems to be a clinet/server (why?) solution 
to add rules to iptables.

I did that myself instead by using a script to parse the last 1000 
rows of the httpd log file, find the unique hosts that are requesting 
the wpad.dat file and thern adding them to a blacklist file, and then 
add them to an iptable block.

The file now contain 4802 unique spamming hosts, and I'm a bit worried 
about iptables being too burdoned by so many firewall rules. 




-- 
Sandman[.net]

[toc] | [prev] | [standalone]


Back to top | Article view | comp.os.linux.security


csiph-web