Jacob Yocom-Piatt wrote:
There is a website protected by pf and running Apache on a recent
OpenBSD snapshot that needs to be protected against scripting attacks.
I can configure both pf and Apache to help block this behavior but am
not familiar with the best practices for such configurations.

The situation is that a user who authenticates to Apache via htpasswd
has run a script a number of times in an attempt to mine a database.
All of the user activity is already logged by Apache and it is crystal
clear that scripting is going on. I would like to stop this scripting
in its tracks and here is what I am already looking at:

- pf - use max-src-X to stop this behavior and log it at the firewall
- apache - less clear on what tools are best, possibly mod_security stuff

The sort of behavior that suggests scripting is more than ~20 HTTP
requests in 120 seconds, in this case all from one IP and using a
single apache/htpasswd username.

I'm looking for some guidance both on which dials to set and where to
set them. I am already aware of the max-src settings but do not know
which ones would be best to set here or a prescription for finding the
right numbers to dial in. With Apache I am much more clueless and
believe that the trouble behavior being limited to a single Apache
user might be helpful in terms of countermeasures.

cheers,
jake

Some more details would be helpful.

Is this a user who otherwise has a right to access other stuff?
If not, just block that IP address completely with pf.

I have a table in pf called badhosts.
I have a script that scans error_log for certain bad behaviors and adds
those IPs to the badhosts table.
Just scan for these things in access_log and/or error_log and block it
from any address that shows up.

If this user is allowed, but just behaving badly, that is a little
harder to fix.
Apache would be the place for those fixes, but that means
adding/altering scripts, etc.
--
A human being should be able to change a diaper, plan an invasion,
butcher a hog, conn a ship, design a building, write a sonnet, balance
accounts, build a wall, set a bone, comfort the dying, take orders,
give orders, cooperate, act alone, solve equations, analyze a new
problem, pitch manure, program a computer, cook a tasty meal, fight
efficiently, die gallantly. Specialization is for insects.
-- Robert Heinlein
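The reply's log-scanning approach applied to the original poster's threshold (more than 20 requests in 120 seconds from one IP using one htpasswd user), as an added example that is not code from either poster: a POSIX sh/awk script that reads Apache's combined-format access_log, finds the (IP, user) pairs over the limit with a sliding time window, and hands the IPs to pf. The table name badhosts comes from the reply; the log path /var/www/logs/access_log, the 20/120 defaults and the sample log lines are assumptions.

```shell
# Reads Apache combined-format access_log lines on stdin and prints "ip user"
# for every (client IP, htpasswd user) pair that made more than $1 requests
# (default 20) inside any $2-second window (default 120), the poster's threshold.
# Assumes one consistent timezone offset in the log; lines need not be time-ordered.
flag_scripted_clients() {
    awk -v limit="${1:-20}" -v window="${2:-120}" '
    BEGIN { split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
            for (i = 1; i <= 12; i++) mon[m[i]] = i
            split("0 31 59 90 120 151 181 212 243 273 304 334", cum, " ") }
    # "[10/Oct/2023:13:55:36" -> monotonic seconds (leap years handled, tz ignored)
    function tosecs(f,   d, t, y, doy) {
        sub(/^\[/, "", f); split(f, d, "/"); split(d[3], t, ":")
        y = t[1]; doy = cum[mon[d[2]]] + d[1]
        if (mon[d[2]] > 2 && y % 4 == 0 && (y % 100 != 0 || y % 400 == 0)) doy++
        return ((y * 366 + doy) * 24 + t[2]) * 3600 + t[3] * 60 + t[4]
    }
    { key = $1 " " $3; n[key]++; ts[key, n[key]] = tosecs($4) }
    END {
        for (key in n) {
            for (i = 2; i <= n[key]; i++) {          # insertion sort by time
                v = ts[key, i]
                for (j = i - 1; j >= 1 && ts[key, j] > v; j--) ts[key, j + 1] = ts[key, j]
                ts[key, j + 1] = v
            }
            j = 1                                    # sliding window over sorted times
            for (i = 1; i <= n[key]; i++) {
                while (ts[key, i] - ts[key, j] > window) j++
                if (i - j + 1 > limit) { print key; break }
            }
        }
    }' | sort
}

# Constructed sample: 25 hits from 192.0.2.10/jake inside 25 seconds, plus two
# normal hits from 198.51.100.7/alice. Not real log data.
sample_log() {
    i=0
    while [ "$i" -lt 25 ]; do
        printf '192.0.2.10 - jake [10/Oct/2023:13:55:%02d +0000] "GET /db?q=%d HTTP/1.1" 200 512 "-" "curl/8.0"\n' "$i" "$i"
        i=$((i + 1))
    done
    printf '198.51.100.7 - alice [10/Oct/2023:13:40:01 +0000] "GET / HTTP/1.1" 200 128 "-" "Mozilla/5.0"\n'
    printf '198.51.100.7 - alice [10/Oct/2023:13:57:09 +0000] "GET /about HTTP/1.1" 200 128 "-" "Mozilla/5.0"\n'
}

# Feed the real log into pf's badhosts table (as root; pf.conf needs
# "table <badhosts> persist" and a block rule referencing it):
#   flag_scripted_clients < /var/www/logs/access_log |
#       while read -r ip user; do pfctl -t badhosts -T add "$ip"; done
```

Run it from cron against the live log; a short window and a low limit will also catch a browser's burst of asset requests, so tune both against the existing logs before blocking anyone.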