On Tue, 2006-05-23 at 17:05 +0000, Mark Stosberg wrote:
> We use mod_evasive for Apache as a general tool to prevent repeated
> requests to the same page.
>
> http://www.nuclearelephant.com/projects/mod_evasive/
>
> It works fairly well, but doesn't protect against distributed attacks
> (which can look like
> legimate heavy traffic), or attacks that request many pages in a
> round-robin fashion.
Interesting, but it looks like it wouldn't protect against anyone not
using keep-alive connections, since they won't hit the same child
process. It certainly won't notice hits spread across a cluster of
machines. It seems more aimed at simple DoS tools.
There are a number of other apache modules that do this sort of thing on
a virtual host basis, but none that I've seen let you limit a specific
URL or use session IDs instead of IPs for identifiers.
- Perrin
---------------------------------------------------------------------
Web Archive: http://www.mail-archive.com/suppressed/
http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: suppressed
For additional commands, e-mail: suppressed
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.