> You don't mention anything about the rate... > Anyway, fail2ban does look at hosts individually ...it doesn't > "lump together stats for requests coming from different IP > addresses". > > If this "DOS" attack simply involves -for instance- requests to > legitimate web pages and not attempts to brute force log in to your > website (using - for example - a "dictionary attack") then you are > really talking about an attack that is simply a matter of "rate". > In other words these ten hosts are requesting legitimate web pages > from your site at a very high rate (perhaps tens or hundreds of > requests per second). > > If that's the case then the tool for that is apache "mod evasive" - > not fail2ban.
Good point. fail2ban isn't exactly the right tool for this. - Grant ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Fail2ban-users mailing list Fail2ban-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fail2ban-users
