WebApp Sec mailing list archives

Re: fail2ban

From: Dale Stirling <dale () puredistortion com>
Date: Tue, 26 Oct 2010 18:20:26 +1100

Kai,

Here are a few ideas:

Apache Allow,Deny something like.

Order Deny Allow
Deny <the ip making requests>
Allow all

IP tables:

iptables -A INPUT --source <ip making requests> -j REJECT

That will block the IP from making any connections to your server.

Also fail2ban has several ready made apache rules in it it would not
be hard to copy and adapt one of these the pre made rules are in
/etc/fail2ban/fal2ban.d and /etc/fail2ban/jail.conf

Dale

On Fri, Oct 22, 2010 at 2:40 AM, Kai Witzke <security () gaark de> wrote:

Hey everybody!

I have some serious problems with flooding attacks to my apache2. No
problems with logins oder syn floods, just a huge amount of simple
requests to my server from the same ip. Anyone got a nice howto on that
or maybe a nice regex prepared for counting such requests and blocking
the greedy ones?

thanks in advance
Kai




This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------




This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now! 
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------

Current thread:

fail2ban Kai Witzke (Oct 25)
- Re: fail2ban Adrian J Milanoski (Oct 25)
  - Re: fail2ban Ryan Dewhurst (Oct 26)
    - Re: fail2ban primehaxor (Oct 26)
- Re: fail2ban Jamuse (Oct 26)
- Re: fail2ban Rafel Ivgi (Oct 26)
- Re: fail2ban Dale Stirling (Oct 26)
- RE: fail2ban Perry B. Whelan (Oct 26)
  - Re: fail2ban robert (Oct 28)
- Re: fail2ban Adrian J Milanoski (Oct 28)
- <Possible follow-ups>
- Re: fail2ban Alexandro Silva (Oct 31)