On Wed, Sep 28, 2016 at 12:20:38PM -0500, Chris Bennett wrote:
> I am not sure what is appropriate, given netiquette and practicality for
> my server. I am sick of thousands of identical requests in my error log,
> plus I want to be able to look over my logs easily to find any real
> problems.
>
> Below is a copy of the question I sent to modp...@perl.apache.org
> So far they have never answered any questions I have asked.
>
>
> Right now I am using a simple script from the error log to block
> permanently any requests from that IP using OpenBSD pf.
>
> That simply doesn't work well enough anymore due to the time lag between
> 20+ requests at once getting to the log file.
>
> OpenBSD no longer uses Apache 1 so I am going to move to Apache 2 and
> study how to make the changes, so now is a great time for me to move in
> anything new that I haven't used before.
>
> Right now I have a list of regexes for attack URLs and requests for
> anything with cgi or php in them, which I don't use.
>
> At first glance, it seems to me that setting up a filter to use to block
> anything in my ever-growing list seems appropriate. Right or wrong?

Have you already considered running relayd(8) in front of your web service to filter out malicious requests? See the FILTER RULES section in relayd.conf(5).
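
A sketch of what such a relayd.conf(5) filter could look like for the case described in the quoted message (a site that serves no CGI or PHP). This is an added example, not configuration from either poster; the listen address, backend port, table name, protocol name and relay name are all assumptions chosen for illustration.

```conf
# /etc/relayd.conf -- illustrative fragment, all names and addresses assumed

ext_addr="203.0.113.10"          # constructed public address (TEST-NET-3)
table <webhosts> { 127.0.0.1 }   # assumed: the web server listens on localhost

http protocol "webfilter" {
	# Answer blocked requests with an HTTP error page instead of
	# silently dropping the connection.
	return error

	# Rules are evaluated in order; "quick" stops evaluation at the
	# first match, so a blocked request never reaches the web server
	# and never lands in its error log.
	# Patterns are shell-style globs matched against the URL path.
	block request quick path "/cgi-bin/*"
	block request quick path "*.cgi"
	block request quick path "*.php"

	# Requests that match no block rule are passed through, which is
	# also the default when no rule matches.
	pass
}

relay "www" {
	listen on $ext_addr port 80
	protocol "webfilter"
	# Assumed backend port; the web server must be moved off port 80
	# on the external address so that relayd can bind it.
	forward to <webhosts> port 8080 check tcp
}
```

The file can be syntax-checked with `relayd -n` before the daemon is reloaded. Because the filter rejects each request as it arrives, it does not depend on the log file being written first, which is the time lag the quoted message complains about.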