> Jacob Yocom-Piatt wrote: >> there is a website protected by pf and running apache on a recent >> openbsd snapshot that needs to be protected against scripting attacks. >> i can configure both pf and apache to help block this behavior but am >> not familiar with the best practices for such configurations. >> >> the situation is that a user who authenticates to apache via htpasswd >> has run a script a number of times in an attempt to mine a database. >> all of the user activity is already logged by apache and it is crystal >> clear that scripting is going on. i would like to stop this scripting >> in its tracks and here is what i am already looking at:
Jacob, what was their response when you spoke with them in person (or on the phone) about the scripting? How, exactly, did you word your request for them to stop? /Lars
