Hi,

On Thu, May 3, 2012 at 5:48 PM, Neha Chriss <[email protected]> wrote:
> Hello
>
> I am wondering if anyone can recommend a method of identifying repeated
> POST attempts to a single URI with Security VCL or through some native
> varnish mechanism. I am currently using security vcl as a WAF with the
> modsecurity CRS. We occasionally have malicious users who will attempt to
> bruteforce promotions codes, or, alternatively, attempt to scan our web
> application for vulnerabilities. I am looking for a way to mitigate these
> risks at the WAF-layer.. any suggestions?
>

You could build something on top of the variable vmod. It probably needs a
data structure that scales better, a hash or a tree. Then you can store
IP-address+URL somewhere and count the occurrences and blacklist clients
whenever they pass a threshold.

Or something.

--
Per Buer
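The counting scheme suggested in the reply (key on IP address + URL in a hash, count occurrences, blacklist past a threshold), sketched as an added example that is not part of the original thread. It is a Python stand-in rather than VCL or vmod code; the class name, the threshold of 5 POSTs per 60-second window and the sample requests are all assumptions made for illustration.

```python
from collections import defaultdict, deque

class PostRateTracker:
    """Count POSTs per (client IP, URL) in a sliding window; blacklist past a threshold."""

    def __init__(self, threshold=5, window=60.0):
        self.threshold = threshold      # assumed: POSTs tolerated per window
        self.window = window            # assumed: window length in seconds
        self.hits = defaultdict(deque)  # hash keyed on (ip, url) -> recent timestamps
        self.blacklist = set()

    def observe(self, ts, ip, method, url):
        """Record one request; return True if the client should be blocked."""
        if ip in self.blacklist:
            return True
        if method != "POST":
            return False
        q = self.hits[(ip, url)]
        q.append(ts)
        # Expire timestamps that fell out of the window, so slow clients never accumulate.
        while q[0] <= ts - self.window:
            q.popleft()
        if len(q) > self.threshold:
            self.blacklist.add(ip)
            return True
        return False

    def prune(self, now):
        """Drop idle keys so the table stays bounded under scanning traffic."""
        stale = [k for k, q in self.hits.items() if q[-1] <= now - self.window]
        for k in stale:
            del self.hits[k]

# Constructed sample traffic: one client hammering a promo endpoint once a
# second, one client posting every 30 seconds, and a single GET.
SAMPLE = sorted(
    [(float(t), "198.51.100.7", "POST", "/promo/redeem") for t in range(8)]
    + [(float(t), "203.0.113.20", "POST", "/promo/redeem") for t in range(0, 180, 30)]
    + [(2.5, "198.51.100.7", "GET", "/index.html")]
)

def replay(requests, **limits):
    """Feed requests in time order; return per-request decisions and the tracker."""
    tracker = PostRateTracker(**limits)
    decisions = [(ip, tracker.observe(ts, ip, m, url)) for ts, ip, m, url in requests]
    return decisions, tracker

if __name__ == "__main__":
    decisions, tracker = replay(SAMPLE)
    print("blacklisted:", sorted(tracker.blacklist))
```

A plain lifetime counter would eventually block the 30-second client as well; expiring old timestamps is what keeps the threshold meaningful as a rate.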
