Yes, I see where you're coming from...Actually, thinking further, you CAN set up mod_security so that it drops the connection - for example, I have this as a default action in my mod_security setup...
SecFilterDefaultAction "deny,log,status:403,system:/usr/local/pft/add_httpd_block %s"
The 'add_httpd_block' script is something I wrote myself to drop the connection and block the IP for a while. I just drop all connections from that IP (because that's what I want), but I'm sure you could work out something that will allow you to drop just this client, thus releasing the connection.
You could also reduce the ip idle timeout at the firewall so that hanging connections get removed quicker; assuming the client has given up because you're not responding then the connection will be idle - if the client has not given up then short of blocking the ip address (which you say you don't want to do) there's not much you can do about it anyway.
Rich.

dtufs wrote:
> --- Rich <app1@xxxxxxxxxxxx> wrote:
> > You can configure mod_security so that it will not respond at all - ie - it will just leave the client hanging waiting for a response (which it will never get). Much like a 'silent' firewall.
> > As I said, not ideal (the connection is still live), but at least you can suppress any outgoing data.
>
> Yes, I read about this possibility in the modsecurity documentation. However, this does not seem acceptable, because too many "hanging" connections would very likely cause DoS in a very short time.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
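
A sketch of a helper in the role of the 'add_httpd_block' script mentioned in the message, added here as an example and not Rich's script. It assumes the client IP arrives as the first argument and that ipset and conntrack-tools are installed; the set name, the 600-second timeout and the iptables rule in the comment are made up for illustration.

```sh
#!/bin/sh
# Hypothetical stand-in for a blocking helper; not the script from the message.
# Assumed one-time setup, done outside this script:
#   iptables -I INPUT -m set --match-set httpd_block src -j DROP
SET_NAME="httpd_block"   # assumed ipset name
BLOCK_TTL=600            # assumed block duration in seconds

# Accept only a dotted-quad IPv4 address. The argument originates from a
# web request and the helper runs with firewall privileges, so everything
# else is rejected before it reaches a command line.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; only digits and dots remain
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# With DRY_RUN=1 the commands are printed instead of executed.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

block_ip() {
    valid_ipv4 "$1" || { echo "add_httpd_block: rejected argument" >&2; return 1; }
    # Entries expire on their own, so the block lasts only "for a while".
    run ipset create "$SET_NAME" hash:ip timeout "$BLOCK_TTL" -exist
    run ipset add "$SET_NAME" "$1" timeout "$BLOCK_TTL" -exist
    # Delete tracked flows for that address so an earlier ESTABLISHED
    # accept rule cannot keep passing them.
    run conntrack -D -s "$1" || true
}

if [ $# -ge 1 ]; then block_ip "$1"; fi
```

Running it with DRY_RUN=1 prints the firewall commands without touching the ruleset, which is a convenient way to check the validation before wiring it into the web server.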