[Dshield] Help With CGI Abuse - Please
David Cary Hart
DShield at TQMcube.com
Fri Aug 19 21:48:51 GMT 2005
On Fri, 2005-08-19 at 14:51 -0600, Josh Tolley wrote:
> David Cary Hart wrote:
> > On Fri, 2005-08-19 at 14:37 -0400, Johannes B. Ullrich wrote:
> >>David Cary Hart wrote:
> >>>Does anyone know how to get Apache 2 to limit $x requests per client
> >>>within $y seconds? I want to provide REASONABLE script access to our
> >>>Multi-RBL checker but every once in awhile I see that we are getting
> >>>hammered - particularly since we added country of origin to the script.
> >>>I'd really hate to go to a captcha.
> >>This bandwidth module may help:
> > I also thought about mod_throttle (which is now deprecated). The problem
> > with BW is that it is geared to bandwidth allocating rather than
> > connects.
> > I'm going to hack something together with the swatch daemon - perhaps.
> If you're running it on an OpenBSD or Linux box, pf or iptables will let
> you throttle incoming connections the way you're looking to do it. This
> came up on NANOG the other day as well; I'm not much of an iptables
> person but another poster said the following would do it:
> /sbin/iptables -N HTTP
> /sbin/iptables -A HTTP -i eth0 -m limit --limit 10 --limit-burst 1 -j ACCEPT
> /sbin/iptables -A HTTP -i eth0 -j DROP
> /sbin/iptables -A INPUT -i eth0 -p tcp --destination-port 80 -j HTTP
> I'm more of an OpenBSD afficionado myself, and the max-src-conn and
> max-src-conn-rate options should do what you want, in that case. Most
> decent firewalls, it seems, should allow you to control this sort of
> thing before it gets to your web server if you can't control it at the
> server itself.
Outstanding idea. I need to review the module specifics.
Tired of spam? Do YOUR part: http://www.BoulderPledge.org
Our DNSRBL - Eliminate Spam: http://www.TQMcube.com/spam_trap.htm
RBLDNSD HowTo: http://www.TQMcube.com/rbldnsd.htm
Multi-RBL Check: http://www.TQMcube.com/rblcheck.htm
More information about the list