Aaron Freeman wrote:
> Just wondering if anybody has ever worked through a scenario where you
> could automatically firewall off an IP address that requested a
> "poisoned" URL?
> There is an attacker continuously scanning all of our servers for a
> specific URL, but from several different IPs. It would be nice to be
> able to automatically firewall them off.
> Has anybody done anything like that before?
I've added a bug report for this. http://bugs.caucho.com/view.php?id=4133
I think with a little bit of work we can support something like this.
Resin's throttling capability could be changed and extended a bit to
allow programmatic control, for example blacklisting IP addresses. Then
it would be straightforward to create a rewrite action that blacklisted
the IP as a side-effect.
> resin-interest mailing list
resin-interest mailing list