>>> On Wed, Jul 21, 2010 at 7:14 AM, Aaron Freeman<aaron.free...@layerz.com> >>> wrote: >>> >>>> Just wondering if anybody has ever worked through a scenario where you >>>> could automatically firewall off an IP address that requested a >>>> "poisoned" URL? >>>> >>>> There is an attacker continuously scanning all of our servers for a >>>> specific URL, but from several different IPs. It would be nice to be >>>> able to automatically firewall them off. >>>>
If you're running a Resin instance behind Apache, you could also look at mod_security: http://www.modsecurity.org/ The open-source version is an Apache module with a rule engine (and a rule language) that might be useful to do the kind of thing you're looking for. The core rule sets are fairly substantial (they also deal with, amongst other things, SQL injection and XSS), but if all you want to do is fence off a single URL, you should be able to write a rule for that without too much effort. - Hari _______________________________________________ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest
