Sean Davis wrote:
This is decidedly off-topic....
We run a pretty small website (multi-use) on Apache (2.2) and mod_perl
(along with some php, cgi, and static content). Unfortunately, our
organization has recently decided to institute the policy of scanning
the site on a regular basis for security reasons. The scan software
crawls all links and URLs on the site, hitting each one with multiple
forms of attack. In some parts of the world, this is called a
denial-of-service attack, but here it is called a security scan. I
have no control over the scan parameters, so I am looking for a
meaningful way of limiting the number of connections (not really
bandwidth, since we host VERY large static files) from a single IP.
Any suggestions?
You could do this with mod_perl by using something like
Apache::Scoreboard - http://search.cpan.org/dist/Apache-Scoreboard
Check to see if the number of server-side children is maxed out for a
given IP, and return a 503 if that is the case.
But if you are running Linux an alternative way to do this might be with
iptables and the iplimit module - http://linuxgazette.net/108/odonovan.html
HTH
Thanks,
Sean
--
Red Hot Penguin Consulting LLC
mod_perl/PostgreSQL consulting and implementation
http://www.redhotpenguin.com/
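A worked version of the Apache::Scoreboard approach above, added here as an example and not code from either poster: a mod_perl 2 access handler that walks the scoreboard image and answers 503 once too many workers are already busy with the requesting IP. The package name My::ConnLimit, the ConnLimitPerIP variable, the config lines in the header comment, and the single-letter status values returned by $worker_score->status are assumptions about the API and deployment, not facts from the thread.

```perl
# Added example (not from the original thread). Assumed httpd.conf lines:
#   PerlModule        My::ConnLimit
#   PerlSetVar        ConnLimitPerIP 8
#   PerlAccessHandler My::ConnLimit
package My::ConnLimit;

use strict;
use warnings;
use Apache::Scoreboard ();
use Apache2::RequestRec ();
use Apache2::RequestUtil ();
use Apache2::Connection ();
use Apache2::Log ();
use APR::Table ();
use Apache2::Const -compile => qw(OK HTTP_SERVICE_UNAVAILABLE);

# Scoreboard states (assumed single-letter codes) in which a worker is tied
# up by a client: Reading, Writing, Keepalive, Logging, DNS, Closing.
my %BUSY = map { $_ => 1 } qw(R W K L D C);

sub handler {
    my $r     = shift;
    my $limit = $r->dir_config('ConnLimitPerIP') || 8;   # assumed setting name
    my $ip    = $r->connection->remote_ip;               # Apache 2.2 accessor

    my $busy = busy_workers_for($r->pool, $ip);

    # The request being handled already occupies one slot, so the scan only
    # trips the limit when $limit *other* workers serve the same address.
    if ($busy > $limit) {
        $r->log->warn("ConnLimit: $ip holds $busy busy workers (limit $limit); 503");
        $r->err_headers_out->set('Retry-After' => 60);
        return Apache2::Const::HTTP_SERVICE_UNAVAILABLE;
    }
    return Apache2::Const::OK;
}

# Count, across every child and thread on this server, the workers whose
# scoreboard slot is in a busy state and records $ip as its client.
sub busy_workers_for {
    my ($pool, $ip) = @_;
    my $image = Apache::Scoreboard->image($pool);
    my $count = 0;
    for (my $parent = $image->parent_score; $parent; $parent = $parent->next) {
        for (my $w = $parent->worker_score; $w; $w = $w->next) {
            next unless $BUSY{ $w->status };
            $count++ if $w->client eq $ip;
        }
    }
    return $count;
}

1;
```

The count only sees workers on this one httpd, and only those already past accept(), so on a multi-server or heavily queued setup the iptables approach mentioned above complements rather than duplicates it.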