On 1/17/2008 4:44 PM, Mike Leahy wrote:
I'm wondering if anyone knows of a simple way to filter out bad HTTP requests being sent to my server. You'll find an example of my Apache log below. What I would like to do is set this up so that if somebody makes too many 404/403 requests within a short period of time (say 5 hits within 5 minutes), then the IP gets temporarily banned. I have iptables set up to do this sort of thing with brute force ssh login attempts. Below is a simple example of how I have accomplished this (I adopted this method from a sample I found posted online somewhere). I'm wondering how difficult it might be to do the same (i.e., identify connections that get 404/403 responses from httpd, and temporarily ban their IP).
Consider using the layer 7 filter to look for the 4xx error codes in conjunction with the recent match extension to realize which system(s) are causing "problems". Use the recent match extension to start rejecting new connections from the "problem" system(s).
Grant. . . .
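A log-driven way to apply the threshold from the question (5 responses with status 403 or 404 within 5 minutes), as an added example that is not from either poster. It scans the Apache access log instead of using the layer 7 filter suggested in the reply, and assumes the common/combined log format; the sample lines and addresses are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed format: host ident user [time] "request" status size ...
# The request field may contain backslash-escaped quotes.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:[^"\\]|\\.)*" (\d{3}) ')
BAD_STATUS = {"403", "404"}


def find_offenders(lines, hits=5, window=timedelta(minutes=5)):
    """Return {ip: time at which the ip first reached `hits` bad responses
    inside a sliding `window`}. Lines must be in chronological order per ip."""
    recent = defaultdict(deque)  # ip -> timestamps of its recent 403/404s
    offenders = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(3) not in BAD_STATUS:
            continue  # unparsable line or a status we do not count
        ip = m.group(1)
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop hits that fell out of the window
            q.popleft()
        if len(q) >= hits and ip not in offenders:
            offenders[ip] = ts
    return offenders


def make_line(ip, hhmmss, status, path="/missing"):
    """Build one constructed access-log line for the sample below."""
    return (f'{ip} - - [17/Jan/2008:{hhmmss} -0500] '
            f'"GET {path} HTTP/1.1" {status} 208')


# Constructed sample: one client bursts, one is slow, one is well behaved.
SAMPLE = (
    [make_line("192.0.2.10", f"16:00:{s:02d}", st)
     for s, st in [(1, 404), (20, 404), (40, 403), (50, 404), (59, 404)]]
    + [make_line("198.51.100.7", f"16:{m:02d}:00", 404) for m in (0, 5, 10, 15, 20)]
    + [make_line("203.0.113.5", "16:01:00", 200, "/index.html"),
       make_line("203.0.113.5", "16:01:05", 404, '/x\\"y')]
)

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE).items():
        print(f"{ip} reached the threshold at {when.isoformat()}")
```

The returned addresses can be handed to whatever temporary-ban mechanism is already in place, such as the iptables setup used for the ssh case.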