Pablo Fischer wrote:
> As many of you know, today there are tons of spam robots written for
> many different (web)applications and sadly, many of these
> applications have a very poor spam filtering system or sometimes
> this support is only supported in development versions (which you
> can't install on a production system).
Believe me, I feel your pain.. I do. :-/
> One of the nice features of mod_security is that it lets you
> log/deny/allow/redirect/otherstuff any attempt to attack your web
> server, web application or virtual host; it scans the POST and GET
> requests, a thing that the rewrite stuff can't do (it only scans GET iirc).
>
> Of course mod_security lets you do more than blocking spammers but I
> decided to use it (Apache, sadly) to battle the spam I was receiving via
> Trac. Why am I writing this to the list? Because it would be nice to have a
> feature like this on Cherokee, because sometimes you are running weak
> web applications[2] and you are out of weapons to beat the
> spammers/attackers and the only weapon you have is your webserver.
I like the idea, it seems like a really interesting feature to have.
So, let's think about how we want to get it implemented.

My first idea is to create a new type of module. Until now, I have
had handlers, validators, loggers and encoders. The idea would be
to implement a new type, filters, to do this sort of thing.

For example, we could have filters like: get_filter or post_filter.
Imagine something like this:
==========
Filter post_filter {
    RegEx "(viagra|casino)" {
        Action Drop
    }
}
Filter get_filter {
    RegEx "(cash|win)" {
        Action Redirect http://example.com
    }
}
Filter get_filter, post_filter {
    RegEx "(lottery|prize)" {
        Action Exec "iptable %ip .."
        Action Drop
    }
}
==========
By the way, do NOT look at the grammar. This feature would be
implemented in Cherokee 0.6 (or 0.7), and at that point this
kind of configuration file will be deprecated. We are moving
forward to a much handier configuration system, so the important
thing here is not the way in which it is written but what is
actually written down.
Ideas? Thoughts? :-)
--
Greetings, alo.
_______________________________________________
Cherokee mailing list
[email protected]
http://www.0x50.org/cgi-bin/mailman/listinfo/cherokee
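
The filter semantics sketched in the message above, as an added example that is not part of the original post and not Cherokee code: the three rules are evaluated against the decoded GET query string and POST body, and the `Exec` action fills `%ip` as a single argument-vector element only after the address validates, instead of pasting it into a shell string. The rule tuple layout, first-match ordering, case-insensitive matching and the helper name `block-ip-helper` are assumptions; the command is returned, not run.

```python
import ipaddress
import re
from urllib.parse import unquote_plus

# (sources, pattern, actions) for the three Filter blocks in the post.
# The tuple layout, case-insensitive matching and the helper name
# "block-ip-helper" are assumptions made for this example.
RULES = [
    ({"post"}, re.compile(r"(viagra|casino)", re.I), [("drop",)]),
    ({"get"}, re.compile(r"(cash|win)", re.I),
     [("redirect", "http://example.com")]),
    ({"get", "post"}, re.compile(r"(lottery|prize)", re.I),
     [("exec", ["block-ip-helper", "%ip"]), ("drop",)]),
]


def expand_exec(argv_template, client_ip):
    """Fill %ip as a single argv element, only if it parses as an IP address."""
    ip = str(ipaddress.ip_address(client_ip))  # ValueError on anything else
    return [ip if part == "%ip" else part for part in argv_template]


def evaluate(query_string, post_body, client_ip):
    """Return the actions of the first matching rule, or [("pass",)]."""
    # Decode before matching so percent-encoded text is seen as the app sees it.
    data = {"get": unquote_plus(query_string), "post": unquote_plus(post_body)}
    for sources, pattern, actions in RULES:
        if any(pattern.search(data[s]) for s in sources):
            return [
                ("exec", expand_exec(a[1], client_ip)) if a[0] == "exec" else a
                for a in actions
            ]
    return [("pass",)]


if __name__ == "__main__":
    # Constructed sample requests (query string, POST body, client address).
    samples = [
        ("id=5", "comment=cheap+viagra", "192.0.2.7"),
        ("q=win%20big", "", "192.0.2.7"),
        ("", "msg=you+won+the+lottery", "192.0.2.7"),
        ("id=5", "text=hello", "192.0.2.7"),
    ]
    for qs, body, ip in samples:
        print(qs, body, "->", evaluate(qs, body, ip))
```

Because `(cash|win)` is unanchored, a harmless query such as `q=windows` is redirected as well; word boundaries in the pattern would narrow the match.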