Jeremy Rempel wrote:
We were getting thousands of requests per second from various hosts for files that didn't exist on the Apache webserver. I will try setting up the synproxy and see if that helps. Can someone point me to info on setting up synproxy?

If it's legit HTTP requests, your firewall can't further differentiate between the "good" and the "bad". It isn't at all aware of your web server, other than it knows to let TCP 80 to it. You could (I believe, no pfS GUI handy ATM and I don't recall 100% for sure) limit the number of states per source IP in your firewall rules, if you're getting thousands from a single host. If it's just a few requests from many thousands of hosts, you're out of luck there. For an attack like this, you really need either something on the web server itself, or a reverse proxy between your firewall and web server.
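
An added example, not part of the original thread: a short Python check over Apache access-log lines that measures how much of a 404 flood a per-source cap would actually remove, for the two cases the reply distinguishes. The log lines, addresses, cap of 20 and function names are constructed for illustration, and one request is assumed to correspond to one firewall state.

```python
import re
from collections import Counter

# Apache common/combined log format: client address, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) ')

def not_found_by_source(lines):
    """Count 404 responses per client address; unparseable lines are skipped."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and m.group(2) == "404":
            counts[m.group(1)] += 1
    return counts

def per_source_limit_coverage(counts, limit):
    """Fraction of the 404 requests that a per-source cap of `limit` would drop.

    Each source is allowed `limit` requests; only the excess counts as dropped.
    """
    total = sum(counts.values())
    if total == 0:
        return 0.0
    dropped = sum(max(0, n - limit) for n in counts.values())
    return dropped / total

def make_lines(sources, per_source):
    """Constructed sample log lines (documentation addresses, made-up paths)."""
    return [
        f'{ip} - - [01/Jan/2000:00:00:{i % 60:02d} +0000] '
        f'"GET /missing-{i} HTTP/1.1" 404 208 "-" "-"'
        for ip in sources for i in range(per_source)
    ]

# Case 1: one host sends 1000 requests. Case 2: 250 hosts send 4 requests each.
single_host = make_lines(["192.0.2.10"], 1000)
many_hosts = make_lines([f"198.51.100.{n}" for n in range(1, 251)], 4)

if __name__ == "__main__":
    for name, lines in (("single host", single_host), ("many hosts", many_hosts)):
        counts = not_found_by_source(lines)
        cov = per_source_limit_coverage(counts, limit=20)
        print(f"{name}: {len(counts)} sources, {sum(counts.values())} 404s, "
              f"cap of 20 per source would drop {cov:.0%}")
```

Both cases carry the same total of 1000 requests; only the spread across sources differs, which is why the per-source cap helps in the first and not in the second.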

