Date:      Mon, 9 Sep 2002 12:49:47 -0500 
From:      Eric Six <erics@sirsi.com>
To:        "'Kim Scarborough'" <sluggo@unknown.nu>, freebsd-questions@FreeBSD.ORG
Subject:   RE: Content-based web filtering?
Message-ID:  <DC32C8CEB3F8D311B6B5009027DE5AD5046FA9DB@stlmail.dra.com>


Are these attacks coming from the same hosts? Or are they from different
places? Are they all port 80 attacks? If these are all standard http get
requests, there is no way in particular to filter them that I know of. Last
time this happened to me, I blocked the hosts the requests were coming from
on my firewall (around 20 different hosts). End of problem.

-----Original Message-----
From: Kim Scarborough [mailto:sluggo@unknown.nu]
Sent: Monday, September 09, 2002 12:38 PM
To: freebsd-questions@FreeBSD.ORG
Subject: Content-based web filtering?


I'm running an Apache web server on 4.6.2-RELEASE that hosts several virtual
domains. One of these is somewhat controversial, and every few days I've been
getting a distributed denial of service attack through massive numbers of
requests for a particular file from poorly-configured proxy servers all over
the world. It doesn't affect the OS, but it does choke httpd by using up all
the available servers.

In the past, I've blocked the DOS attacks by simply IPFW-ing out the offending
host, but with this attack there are hundreds of hosts. What is constant,
however, are the user agent and file request strings; they are always the
same. So if there was some way to filter based on that, I'd be safe (at least
for now). But IPFW can't do that, right? So I'd need to either find a firewall
that will, or maybe put a small proxy server to intercept these requests and
let everything else through to Apache.

Does anybody have any thoughts on how to deal with this? If you think one of
the two solutions above is the way to go, any software recommendations? Does
anyone have another idea altogether? I'm kinda stumped here, and the way I'm
dealing with it at the moment is to shut down the targeted site, which of
course is unacceptable.

----------------------------------------------------------------------------
Kim Scarborough                                  http://www.unknown.nu/kim/
----------------------------------------------------------------------------
"Football combines the two worst features of American life: violence and
committee meetings."
                                                               -George Will
----------------------------------------------------------------------------
Now listening to: Raymond Scott - "The Happy Whistler"
----------------------------------------------------------------------------




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
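
The two approaches in this thread (blocking hosts at the firewall, and keying on the constant user agent and request strings) can be combined by mining the access log. The script below is an added example, not part of either message; it assumes Apache's "combined" log format, and the path, user-agent string and ipfw rule number 500 are constructed placeholders.

```python
import ipaddress
import re
from collections import Counter

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)

def offending_hosts(lines, path, agent, min_hits=2):
    """Map client IPv4 address -> hit count for requests matching BOTH strings."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m.group("path") != path or m.group("agent") != agent:
            continue
        try:
            # Only literal IPv4 addresses may reach a firewall command;
            # hostnames (HostnameLookups On) or garbage are skipped.
            host = str(ipaddress.IPv4Address(m.group("host")))
        except ValueError:
            continue
        hits[host] += 1
    return {h: n for h, n in hits.items() if n >= min_hits}

def ipfw_rules(hosts, rule_number=500):
    """One deny rule per host; rule_number is an assumed free slot."""
    return [f"ipfw add {rule_number} deny tcp from {h} to any 80"
            for h in sorted(hosts)]

def _line(host, path, agent):
    return (f'{host} - - [09/Sep/2002:12:30:01 -0500] '
            f'"GET {path} HTTP/1.0" 200 5120 "-" "{agent}"')

# Constructed sample log (documentation address ranges, made-up strings).
SAMPLE = [_line(h, p, a) for h, p, a in [
    ("192.0.2.10", "/target.html", "ExampleProxy/1.0"),
    ("192.0.2.10", "/target.html", "ExampleProxy/1.0"),
    ("198.51.100.7", "/target.html", "ExampleProxy/1.0"),
    ("198.51.100.7", "/target.html", "ExampleProxy/1.0"),
    ("203.0.113.5", "/target.html", "Mozilla/4.0 (compatible; MSIE 6.0)"),
    ("203.0.113.9", "/index.html", "ExampleProxy/1.0"),
    ("proxy.example.net", "/target.html", "ExampleProxy/1.0"),
    ("198.51.100.20", "/target.html", "ExampleProxy/1.0"),
]]

if __name__ == "__main__":
    bad = offending_hosts(SAMPLE, "/target.html", "ExampleProxy/1.0")
    print("\n".join(ipfw_rules(bad)))
```

Requiring both strings to match and a minimum hit count keeps ordinary visitors to the same file, and one-off requests, out of the block list.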





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?DC32C8CEB3F8D311B6B5009027DE5AD5046FA9DB>