Ok, as I have said before what you want to do can be easily done using Patch-o-matic. When you have patched your kernel with this patch you can use firewall rule which will open and examine the packets before it transmit it to the applications. This way I have setup a hosting machine and have dropped all connections that match certain things. But No you can't use this on VPS and I really recommend a dedicated server for your Web server if he is so heavily loaded. Regards M.Marinov На 20.6.2005 11:12 Boyle Owen написа: > > -----Original Message----- > > From: dtufs [mailto:dtufs@xxxxxxxxx] > > Sent: Sonntag, 19. Juni 2005 11:21 > > To: users@xxxxxxxxxxxxxxxx > > Subject: [users@httpd] How to close connection instead of sending 403? > > > > > > We have been trying to cut down our bandwidth usage by > > disallowing access for many spammers and malevolent > > bots. We are currently doing it via .htaccess and > > respond with the "403 Forbidden" code. > > > > However, this still costs us some bandwidth. What we > > would like to do is close the connection without even > > responding to any bad's visitor request. Bad visitor > > is detected by examining the user agent and/or > > referrer, or requested URI (never by examining the IP > > address). > > The point to understand is that the internet is a layered communication > system. There are actually seven layers in the model (see > http://www.webopedia.com/quick_ref/OSI_Layers.asp) but for this discussion > the only two that are important are the TCP/IP layer (network/transport) > and the HTTP layer (application). > > As annoying as the requests might be to you, they are valid TCP/IP packets > so the network/transport layer is required to deliver them. Only when you > get to the HTTP layer (and see the contents) can you decide you don't want > them. Apache is an application and can only block at the HTTP layer - it > can't interfere with TCP/IP. Similarly, anything that works at the TCP/IP > layer (bridge, FW, router) *cannot* interfere with the contents of the > packets. > > It's like you say to your secretary, "I don't want to see any more letters > from Fred Bloggs". You secretary (apache) can open your letters for you and > bin any from Fred Bloggs but she can't stop the postman delivering them. > Also, you can't ask the postman not to deliver letters from certain people > since he's not allowed to open the mail before he delivers it to you. > > So the bottom line is that you can't do it like you want... > > Rgds, > Owen Boyle > Disclaimer: Any disclaimer attached to this message may be ignored. > > > Is this possible to do on Apache (running on Red Hat)? > > Thanks in advance. > > > > > > > > __________________________________ > > Yahoo! Mail > > Stay connected, organized, and protected. Take the tour: > > http://tour.mail.yahoo.com/mailtour.html > > > > > > --------------------------------------------------------------------- > > The official User-To-User support forum of the Apache HTTP > > Server Project. > > See <URL:http://httpd.apache.org/userslist.html> for more info. > > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > This message is for the named person's use only. It may contain > confidential, proprietary or legally privileged information. No > confidentiality or privilege is waived or lost by any mistransmission. If > you receive this message in error, please notify the sender urgently and > then immediately delete the message and any copies of it from your system. > Please also immediately destroy any hardcopies of the message. You must > not, directly or indirectly, use, disclose, distribute, print, or copy any > part of this message if you are not the intended recipient. The sender's > company reserves the right to monitor all e-mail communications through > their networks. Any views expressed in this message are those of the > individual sender, except where the message states otherwise and the sender > is authorised to state them to be the views of the sender's company. > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx -- ------------------------------ One Planet, One Internet. We Are All Connected. ------------------------------ --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|