Hi,
...
It is VERY easy for mod_proxy of Apache to recognize such sessions and block them. Before I'm starting such a project, I'd like to know:
1. Is there any existing code and/or module that implements this? 2. Is there any plan to add this to Apache / mod_proxy? My plan will take a long time... 3. Is there anything that can be learned from other proxies (e.g Squid) regarding this issue? 4. Can anybody add anything to the details that I wrote or has anything else to contribute to the effort?
Well, of the top of my head, you can stop this spam with mod_security and this line (just a crude filter, there are probably other better and more effective ways to do it):
SecFilterSelective REQUEST_URI ":25"
But I would say that it would be better to change mod_proxy to block such requests by default. People who are likely to install and use mod_security are unlikely to have their proxies widely open like this.
-- ModSecurity (http://www.modsecurity.org) [ Open source IDS for Web applications ]
