Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.os.linux.security > #296 > unrolled thread
| Started by | Sandman <mr@sandman.net> |
|---|---|
| First post | 2013-05-24 15:07 +0200 |
| Last post | 2013-05-24 21:11 +0200 |
| Articles | 3 — 2 participants |
Back to article view | Back to comp.os.linux.security
Blocking client based on HTTP request Sandman <mr@sandman.net> - 2013-05-24 15:07 +0200
Re: Blocking client based on HTTP request David Hough <noone$$@llondel.org> - 2013-05-24 19:42 +0100
Re: Blocking client based on HTTP request Sandman <mr@sandman.net> - 2013-05-24 21:11 +0200
| From | Sandman <mr@sandman.net> |
|---|---|
| Date | 2013-05-24 15:07 +0200 |
| Subject | Blocking client based on HTTP request |
| Message-ID | <mr-CA16B8.15073524052013@News.Individual.NET> |
So, as my other thread may suggest, I have problems with users flooding my server with requests for /wpad.dat Is there an easy way to use iptables to trigger on those requests and then add the IP to a blacklist? -- Sandman[.net]
[toc] | [next] | [standalone]
| From | David Hough <noone$$@llondel.org> |
|---|---|
| Date | 2013-05-24 19:42 +0100 |
| Message-ID | <bto47a-45c.ln1@llondel.org> |
| In reply to | #296 |
Sandman wrote: > So, as my other thread may suggest, I have problems with users flooding > my server with requests for /wpad.dat > > Is there an easy way to use iptables to trigger on those requests and > then add the IP to a blacklist? > Try fail2ban <http://www.fail2ban.org> as one possible candidate. I've not yet tried to use it but it's on my to-do list. Dave
[toc] | [prev] | [next] | [standalone]
| From | Sandman <mr@sandman.net> |
|---|---|
| Date | 2013-05-24 21:11 +0200 |
| Message-ID | <mr-897606.21112624052013@News.Individual.NET> |
| In reply to | #311 |
In article <bto47a-45c.ln1@llondel.org>, David Hough <noone$$@llondel.org> wrote: > Sandman wrote: > > > So, as my other thread may suggest, I have problems with users flooding > > my server with requests for /wpad.dat > > > > Is there an easy way to use iptables to trigger on those requests and > > then add the IP to a blacklist? > > > Try fail2ban <http://www.fail2ban.org> as one possible candidate. > > I've not yet tried to use it but it's on my to-do list. I looked at it earlier, it seems to be a clinet/server (why?) solution to add rules to iptables. I did that myself instead by using a script to parse the last 1000 rows of the httpd log file, find the unique hosts that are requesting the wpad.dat file and thern adding them to a blacklist file, and then add them to an iptable block. The file now contain 4802 unique spamming hosts, and I'm a bit worried about iptables being too burdoned by so many firewall rules. -- Sandman[.net]
[toc] | [prev] | [standalone]
Back to top | Article view | comp.os.linux.security
csiph-web