On 06:59, Igor Cicimov wrote:
>
> Have you tried mod_security? It's very configurable so might suit
> your needs.
>
> Sent from my phone
>> On May 20, 2010 3:52 PM, "Peter Horn" <peter.horn @ bigpond.com> wrote:
>>
>> I have a home server running 4 name vhosts, using a dynamic DNS. The
>> second, third and fourth vhosts are "real" and known to the DNS. The
>> default (first) vhost is only accessible by IP address (or an abstruse
>> and unpublished servername). It gets quite a bit of traffic by IP
>> address which is clearly attempted intrusion. I have "nailed down" the
>> vhost so any access receives an error response [but see footnote 1 for
>> an exception]. This does not stop the intruders, of course. If they get
>> any kind of response at all, they keep trying. Reporting abuse to ISPs
>> does not seem to help significantly.
>> What I would love to do is behave like a good firewall and not
>> respond at all to these [insert derogatory expletive]s. I have looked
>> high and low in the Apache docs and can't find any way to NOT respond.
>> There are lots of ways to set up sophisticated error responses, but no
>> way of staying silent.
>> Anyone got any ideas, or should I float this in front of dev@ ?
>>
>> [1] An HTTP OPTIONS request is (correctly) responded to with 200 OK.
>> I thought this was a bug until I read the RFC again, slowly. An OPTIONS
>> request refers to the SERVER, not the HOST.
>>
>> [2] For anyone that wants to provoke an attack, visit h t t p : / /
>> 8 8 . 8 0 . 1 0 . 1 from (the public IP of) your server. I haven't tried
>> this recently, so you may find they've been shut down. They are far from
>> the worst offenders, but easy to provoke.
>>
>> Regards to all,
>> Peter
>>
I have read the mod_security docs, and it appears that the 'drop' action
is not available in my environment (Windows). The 'deny' action is no
different to what I can achieve anyway. The only thing mod_security can
do for me is more sophisticated classification of malice. So, my
original question remains: Is there a way that Apache can not respond at
all on the default vhost?
Peter
P.S. This is my fifth attempt to get this message past the apache.org spam
filter... Ripped out anything I can see that might trigger it (assuming
my own email address is innocuous!)
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.