Yes, I see where you're coming from...
Actually, thinking further, you CAN set up mod_security so that it drops
the connection - for example, I have this as a default action in my
mod_security setup...
SecFilterDefaultAction "deny,log,status:403,system:/usr/local/pft/add_httpd_block %s"
The 'add_httpd_block' script is something I wrote myself to drop the
connection and block the IP for a while. I just drop all connections
from that IP (because that's what I want), but I'm sure you could work
out something that will allow you to drop just this client, thus
releasing the connection.
You could also reduce the ip idle timeout at the firewall so that
hanging connections get removed quicker; assuming the client has given
up because you're not responding then the connection will be idle - if
the client has not given up then short of blocking the ip address (which
you say you don't want to do) there's not much you can do about it anyway.
Rich.
dtufs wrote:
--- Rich <[EMAIL PROTECTED]> wrote:
You can configure mod_security so that it will not respond at all - ie -
it will just leave the client hanging waiting for a response (which it
will never get). Much like a 'silent' firewall.
As I said, not ideal (the connection is still live), but at least you
can suppress any outgoing data.
Yes, I read about this possibility in the modsecurity
documentation. However, this does not seem acceptable,
because too many "hanging" connections would very
likely cause DoS in a very short time.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
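
An added example, not part of the thread and not Rich's actual script: one way a helper like the 'add_httpd_block' script described above could validate its argument and block an IP for a limited time. It assumes the client IP arrives as the first argument; the state file path, the 600-second duration and the dry-run FW variable are hypothetical.

```shell
#!/bin/sh
# Added example, not the author's script: a hypothetical add_httpd_block.
# Assumptions: the client IP arrives as $1; state path and 600 s are made up.
STATE="${BLOCK_STATE:-/var/run/httpd_blocks.txt}"
BLOCK_SECS="${BLOCK_SECS:-600}"
FW="${FW:-echo iptables}"    # dry run by default; set FW=iptables to apply

# Accept only a dotted-quad IPv4 address, each octet 0-255. The value comes
# from a request the filter just flagged, so nothing else reaches the firewall.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Record the block with its expiry time, then insert a DROP rule.
block_ip() {
    valid_ipv4 "$1" || { echo "rejected argument" >&2; return 2; }
    touch "$STATE"
    awk -v ip="$1" '$1 == ip { f = 1 } END { exit !f }' "$STATE" && return 0
    echo "$1 $(( $(date +%s) + BLOCK_SECS ))" >> "$STATE"
    $FW -I INPUT -s "$1" -j DROP
}

# Delete rules whose expiry has passed and rewrite the state file.
expire_blocks() {
    [ -f "$STATE" ] || return 0
    now=$(date +%s); tmp="$STATE.$$"
    : > "$tmp"
    while read -r ip expiry; do
        if [ "$expiry" -le "$now" ]; then
            $FW -D INPUT -s "$ip" -j DROP
        else
            echo "$ip $expiry" >> "$tmp"
        fi
    done < "$STATE"
    mv "$tmp" "$STATE"
}

# Runs only when invoked under this name; sourcing just defines the functions.
if [ "${0##*/}" = "add_httpd_block" ]; then expire_blocks; block_ip "$1"; fi
```

Because expiry is checked only when the script runs, a block can outlive its 600 seconds until the next invocation; calling expire_blocks from a periodic job would tighten that.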