On Sep 28, 2016, at 10:04 PM, Chris Bennett <chrisbenn...@bennettconstruction.us> wrote:
>
> I don't think bruteforce will be helpful in my case. I do occasionally
> get bruteforce attacks, but not very often.
> What I usually get are identical attacks of a certain set of variations
> of URLs from one IP address. A little later the same thing from another
> IP, then another, etc.
>
> One of the reasons I am thinking of a mod_perl solution is that mod_perl
> can step in very early in the Apache process. All kinds of things can be
> done long before normal access is available to other processes.
> But I have no experience using any of these parts of mod_perl. I have
> only used later functions in the cycle.

Just as a random thought, have you considered reverse proxying through something like squid? This would allow you to catch bad requests long before any kind of processing happens in httpd. I think squid even has direct pf integration if you want to go that route.

--Paul
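
Added example, not part of the original thread or either poster's code: a log check for the pattern described in the quoted message, where several client IPs request the identical set of URLs. The log lines, paths, thresholds and function names are constructed for illustration, and it assumes the probes fail with 4xx responses in a common-log-format access log.

```python
import re
from collections import defaultdict

# Constructed sample access log; IPs are documentation ranges, paths invented.
SAMPLE_LOG = """\
192.0.2.10 - - [28/Sep/2016:21:00:01 -0500] "GET /admin.php HTTP/1.1" 404 210
192.0.2.10 - - [28/Sep/2016:21:00:02 -0500] "GET /setup.php?step=1 HTTP/1.1" 404 210
192.0.2.10 - - [28/Sep/2016:21:00:03 -0500] "GET /cgi-bin/test.cgi HTTP/1.1" 404 210
203.0.113.5 - - [28/Sep/2016:21:05:00 -0500] "GET / HTTP/1.1" 200 5120
203.0.113.5 - - [28/Sep/2016:21:05:01 -0500] "GET /favicon.ico HTTP/1.1" 404 210
198.51.100.7 - - [28/Sep/2016:21:40:11 -0500] "GET /cgi-bin/test.cgi HTTP/1.1" 404 210
198.51.100.7 - - [28/Sep/2016:21:40:12 -0500] "GET /admin.php HTTP/1.1" 404 210
198.51.100.7 - - [28/Sep/2016:21:40:13 -0500] "GET /setup.php?step=1 HTTP/1.1" 404 210
"""

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')

def repeated_probe_sets(log_text, min_paths=3, min_ips=2):
    """Map each set of failed paths to the IPs that requested exactly that set,
    keeping only sets of min_paths or more seen from min_ips or more clients."""
    failed = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(3).startswith("4"):
            # Drop the query string so parameter changes do not split a set.
            failed[m.group(1)].add(m.group(2).split("?", 1)[0])
    by_set = defaultdict(set)
    for ip, paths in failed.items():
        if len(paths) >= min_paths:
            by_set[frozenset(paths)].add(ip)
    return {s: sorted(ips) for s, ips in by_set.items() if len(ips) >= min_ips}

def blocklist(log_text):
    """Sorted client IPs that took part in any repeated probe set."""
    found = repeated_probe_sets(log_text)
    return sorted({ip for ips in found.values() for ip in ips})

if __name__ == "__main__":
    for ip in blocklist(SAMPLE_LOG):
        print(ip)
```

The printed addresses can be loaded into a proxy ACL or a pf table, so later clients sending the same set are refused before httpd handles the request.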