Aenn Seidhe Priest wrote:
Hello,

a webserver is under attack.

What's required is some kind of filtering software and a firewall that
could do the following:

pass only valid HTTP GET requests and block all other HTTP methods (PUT,
OPTIONS, CONNECT, etc.), possibly validate HTTP GET requests by matching to
local paths;
optionally disable HTTP 1.1 requests;
block excessively long URLs;
have an extensions whitelist/blacklist;

I can't really help you with something that will do this automatically (although from what I've heard fail2ban might help).

The quickest way to nip a DOS in the bud is to check your logs and netstat -ntap for the offending IP and do:

iptables -A INPUT -s <SOURCE_IP> -j DROP

With a DDOS this becomes more difficult, but usually the average DDOSer has only so many zombies, and eventually you'll block them all.
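
One way to do the log check described in the reply above, as an added example that is not part of the original thread: it tallies requests per source IP, flags sources that use a method other than GET, send an over-long URL or exceed a request count, and prints the iptables rule from the reply for review instead of running it. The combined access-log format, the function names, the thresholds and the sample log lines are all assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes "combined" access-log format;
# function names and thresholds are illustrative.

# Constructed sample log lines using documentation address ranges.
sample_log() {
cat <<'EOF'
198.51.100.7 - - [01/Jan/2000:00:00:01 +0000] "GET /index.html HTTP/1.0" 200 512 "-" "ua"
198.51.100.7 - - [01/Jan/2000:00:00:01 +0000] "GET /index.html HTTP/1.0" 200 512 "-" "ua"
198.51.100.7 - - [01/Jan/2000:00:00:02 +0000] "GET /index.html HTTP/1.0" 200 512 "-" "ua"
203.0.113.9 - - [01/Jan/2000:00:00:02 +0000] "PUT /upload.php HTTP/1.1" 405 0 "-" "ua"
192.0.2.44 - - [01/Jan/2000:00:00:03 +0000] "GET /search?q=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa HTTP/1.0" 414 0 "-" "ua"
192.0.2.10 - - [01/Jan/2000:00:00:04 +0000] "GET /about.html HTTP/1.0" 200 900 "-" "ua"
EOF
}

# flag_sources MAX_REQUESTS MAX_URL_LEN  (log on stdin)
# Prints "ip hits reason" for every source that trips a check, sorted by IP.
flag_sources() {
    awk -v max_req="$1" -v max_url="$2" '
    {
        # The request line is the first double-quoted field: METHOD URL PROTO
        if (split($0, q, "\"") < 3) next
        split(q[2], req, " ")
        ip = $1
        hits[ip]++
        if (ip in why) next                      # keep the first reason seen
        if (req[1] != "GET")             why[ip] = "bad-method"
        else if (length(req[2]) > max_url) why[ip] = "long-url"
    }
    END {
        for (ip in hits) {
            if (!(ip in why) && hits[ip] > max_req) why[ip] = "rate"
            if (ip in why) print ip, hits[ip], why[ip]
        }
    }' | sort
}

# emit_rules: turn flagged lines into DROP rules, printed for review only.
emit_rules() {
    while read -r ip _hits _why; do
        # Accept only digits and dots so a hostname or junk never reaches a rule.
        case "$ip" in
            ""|*[!0-9.]*) continue ;;
        esac
        printf 'iptables -A INPUT -s %s -j DROP\n' "$ip"
    done
}

sample_log | flag_sources 2 40 | emit_rules
```

Read the flagged list before applying anything: a shared proxy or NAT address can trip the request-count check with legitimate traffic.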

