Aaron Freeman wrote: > Just wondering if anybody has ever worked through a scenario where you > could automatically firewall off an IP address that requested a > "poisoned" URL? > > There is an attacker continuously scanning all of our servers for a > specific URL, but from several different IPs. It would be nice to be > able to automatically firewall them off. > > Has anybody done anything like that before? > I've added a bug report for this. http://bugs.caucho.com/view.php?id=4133
I think with a little bit of work we can support something like this. Resin's throttling capability could be changed and extended a bit to allow programmatic control, for example blacklisting IP addresses. Then it would be straightforward to create a rewrite action that blacklisted the IP as a side-effect. -- Scott > Thanks, > > Aaron > > > _______________________________________________ > resin-interest mailing list > resin-interest@caucho.com > http://maillist.caucho.com/mailman/listinfo/resin-interest > > _______________________________________________ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest