From: Grant Taylor <gtaylor@riverviewtech.net>
To: Mail List - Netfilter <netfilter@vger.kernel.org>
Subject: Re: Filtering bad http requests
Date: Thu, 17 Jan 2008 20:44:58 -0600
Message-ID: <479012AA.5000905@riverviewtech.net>
In-Reply-To: <478FDA5E.6050908@alumni.uwaterloo.ca>

On 1/17/2008 4:44 PM, Mike Leahy wrote:
> I'm wondering if anyone knows of a simple way to filter out bad HTTP
> requests being sent to my server.  You'll find an example of my apache
> log below.  What I would like to do is set this up so that if somebody
> makes too many 404/403 requests within a short period of time (say 5
> hits within 5 minutes), then the IP gets temporarily banned.  I've
> iptables setup to do this sort of thing with brute force ssh login
> attempts.  Below is a simple example of how I have accomplished this (I
> adopted this method from sample I found posted online somewhere).  I'm
> wondering how difficult it might be to do the same (i.e., identify
> connections that get 404/403 responses from httpd, and temporarily ban
> their IP).

Consider using the layer 7 filter to look for the 4xx error codes in
conjunction with the recent match extension to realize which system(s)
are causing "problems".  Use the recent match extension to start
rejecting new connections from the "problem" system(s).

Grant. . . .
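
Added example (not part of either poster's message): the threshold from the question, 5 responses with status 403/404 from one source IP within 5 minutes, evaluated over Apache access-log lines in Python instead of inside netfilter. The log lines, addresses and all function and constant names are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache common/combined log prefix: ip ident user [time] "request" status ...
# The request field may contain backslash-escaped quotes, so allow \" inside it.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:[^"\\]|\\.)*" (\d{3}) ')
WINDOW = timedelta(minutes=5)    # "within 5 minutes"
HITCOUNT = 5                     # "5 hits"
BAD_STATUS = {"403", "404"}

def find_offenders(lines, window=WINDOW, hitcount=HITCOUNT):
    """Return {ip: timestamp of the hit that crossed the threshold}."""
    recent = defaultdict(deque)  # ip -> bad-hit timestamps still inside the window
    offenders = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue             # skip malformed lines rather than guess
        ip, stamp, status = m.groups()
        if status not in BAD_STATUS:
            continue
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > window:   # age out hits older than the window
            hits.popleft()
        if len(hits) >= hitcount and ip not in offenders:
            offenders[ip] = when
    return offenders

def _line(ip, hhmmss, status, path="/x"):
    # Builds one constructed access-log line (hypothetical helper).
    return f'{ip} - - [17/Jan/2008:{hhmmss} -0600] "GET {path} HTTP/1.1" {status} 209'

# Constructed sample: one slow source (a 404 every 6 minutes), one fast source
# (five 403/404 responses in about a minute, with a 200 in between), one bad line.
SAMPLE = (
    [_line("198.51.100.7", f"16:{m:02d}:00", "404") for m in (0, 6, 12, 18, 24)]
    + [_line("192.0.2.10", f"16:40:{s:02d}", "404") for s in (1, 9, 20, 31)]
    + [_line("192.0.2.10", "16:40:35", "200", "/index.html"),
       "not an access-log line",
       _line("192.0.2.10", "16:41:02", "403", "/admin/")]
)

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE).items():
        print(f"{ip} crossed {HITCOUNT} bad responses in {WINDOW} at {when}")
```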
