RE: Configure httpd not to send responses

Then redirect your error pages in the same way too.

On Feb 7, 2012 5:05 AM, "Andrew Hester" <Andrew.Hester@xxxxxxxxxx> wrote:

Thanks for your reply.

I could and I have written a small webserver in Python as a test as well. Of course with this I will have to duplicate the functionality of mod_evasive also in my code.

I am not sure that this benefits me though, because I think that either web server will respond with 404’s and 500’s on error. The webserver I wrote takes the connection and parses info and does not respond with content, but if I telnet the port and create an error, I see an error message even though it isn’t part of the code I wrote (it must be in the library I used). I believe that I will have the same issue with httpd.

I have a web application firewall that uses mod_security + ? and it is capable of being deployed in this manner. It receives traffic on a span port (mirrored traffic) and it does not respond to the traffic. It is very much like an IDS would consume the traffic but not think that the traffic was really destined for itself and try to serve content. It has other interfaces on other subnets for logging, alerting, etc. but does not try to serve the web content requested (as far as I know – have put a sniffer on it).

Am I missing something?

Thanks,

Andy

From: Igor Cicimov [mailto:icicimov@xxxxxxxxx]
Sent: Friday, February 03, 2012 11:30 PM
To: users@xxxxxxxxxxxxxxxx
Subject: Re: Configure httpd not to send responses

How about redirecting all the traffic to a cgi script that does nothing? Or it might be a script that parses the headers and creates some stats files for you.

On Feb 4, 2012 5:11 AM, "Andrew Hester" <Andrew.Hester@xxxxxxxxxx> wrote:

Hello,

I would like to use httpd with mod_remoteip and mod_evasive to provide some DoS response for my site. I might later use mod_security for other rules as well. Because of many reasons the httpd server will not be inline, but instead I intend to mirror traffic to the server for analysis.

So, I won’t have any content on the server and do not want 400 or 500 errors going back to the client but I do want to analyze the requests. I will use a script to create firewall rules when DoS rules are triggered.

I have not been able to find any docs on this and I’m not sure what the common terminology is for this configuration. Any tips on how to prevent this honeypot-ish server from responding back to real clients would be appreciated.

Thanks,

Andy
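
The behaviour asked about in this thread, as an added example that is not part of any message above and is not httpd configuration: a raw-socket Python sink that records each request head and closes without writing a byte, even when the input is malformed. The names `SilentSink`, `parse_head` and `probe`, the 8192-byte cap and the in-memory `seen` list are assumptions of this example.

```python
import socket
import socketserver
import threading

MAX_HEAD = 8192  # assumed cap on bytes read per connection

def parse_head(raw: bytes) -> dict:
    """Best-effort parse of a request head; never raises on garbage."""
    text = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = text.split("\r\n")
    parts = lines[0].split(" ")
    ok = len(parts) == 3 and parts[2].startswith("HTTP/")
    rec = {"ok": ok, "request_line": lines[0], "headers": {}}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            rec["headers"][name.strip().lower()] = value.strip()
    return rec

class SilentSink(socketserver.BaseRequestHandler):
    """Reads the request head, records it, returns. Never calls send()."""
    def handle(self):
        self.request.settimeout(2.0)
        buf = b""
        try:
            while b"\r\n\r\n" not in buf and len(buf) < MAX_HEAD:
                chunk = self.request.recv(1024)
                if not chunk:
                    break
                buf += chunk
        except OSError:
            pass  # timeout or reset: keep whatever arrived
        rec = parse_head(buf)
        rec["client"] = self.client_address[0]
        self.server.seen.append(rec)  # stand-in for a stats file or rule script

def probe(payload: bytes):
    """Run the sink on loopback, send payload, return (bytes received, records)."""
    with socketserver.ThreadingTCPServer(("127.0.0.1", 0), SilentSink) as srv:
        srv.seen = []
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        with socket.create_connection(srv.server_address) as c:
            c.sendall(payload)
            c.shutdown(socket.SHUT_WR)  # signal end of request
            reply = c.recv(4096)  # b"" means the sink closed without responding
        srv.shutdown()
        return reply, srv.seen
```

The kernel still answers at the TCP layer (handshake and close); the sink only guarantees that no HTTP status line or error body is written by the application.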

 

 

