Another idea might be to sleep proportional to the length of the URL.
For example, 1k request get 1 second, a 2k request gets 2 seconds. At
least this will slow them down.
Joe.
On May 3, 2004, at 3:16 PM, Ken Williams wrote:
On May 2, 2004, at 8:17 PM, Joel Rees wrote:
My apache log files show that I'm getting two or more of those long
url attacks every day, and access_log grows to over 4Mb in just a
week, in spite of the fact that there are less than ten valid
accesses in any particular day.
How about configuring Apache to disregard (and not log) any URL longer
than a predefined length? Also, what are "those long url attacks", I
haven't heard of them.
-Ken
