I was looking for a script which could block traffic based on this pattern:
If a request to open a particular HTML document comes from the same IP, and that IP doesn't wait until the page is loaded in full and then re-requests the same page again, then block/ban that IP.
Is there a script which is able to do that?
That could be used to stop some kinds of DDoS.
If you use Apache and want to filter traffic, why not check out mod_security for rule-based matching? Also, mod_evasive can block based on requests to a page based on a rate of requests/second. That would effectively stop an HTTP DOS if set up properly.
You mean that mod_evasive will block requests which are sent and not completed without waiting for the server response, or that it's able to block requests which didn't wait for the whole page to load in full?
If a person sends a flood of requests which exit before the page is served, mod_evasive will still catch it and block it (provided it meets the module's configured requirements). mod_evasive will return a server response of 403 when it blocks a client.
A page is compiled and loads after the server response is sent because it is dependent on that response (e.g. do I show a 404 error or do I process the PHP script?).
The problem is that if the server drops only connections which are dropped right after the request, it will not help much.
Often, DDoS attacks are organized in such a way that the PC sends a request to a server, it starts serving it, but then the PC doesn't wait until the page is fully served and drops the connection. That's why it's important to find a way to drop connections which aren't waiting for the page to load in full and are dropping the connection before that stage.
mod_evasive will catch the request the second it touches the server. If it determines that it is a DOS attack (based on tracking all requests), it will block the attack. No waiting for a page to load. No waiting for a file to be served. It will stop the processing, stop the attack, and block it.
mod_evasive can be configured in such a way that you can pass attacking IPs over to a firewall program such as APF. This will further stop the attack by blocking it from the server entirely.
Isn't this what you want? You want a way to stop a DOS attack.
I'm telling you: mod_evasive does exactly what you want.
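The point made in the replies above, that the block decision is taken when a request arrives and does not depend on whether the client waits for the response, shown as an added Python sketch that is not part of the original posts. It is a simplified model of per-IP, per-page rate counting, not mod_evasive's own code; the constant names echo mod_evasive's DOSPageCount, DOSPageInterval and DOSBlockingPeriod directives, and the threshold values and request events are constructed.

```python
# Thresholds named after mod_evasive directives; the values are constructed for this demo.
DOS_PAGE_COUNT = 3          # hits allowed on one URI per interval
DOS_PAGE_INTERVAL = 1.0     # seconds
DOS_BLOCKING_PERIOD = 10.0  # seconds an offending IP stays blocked


class EvasiveModel:
    """Simplified per-IP, per-URI hit counter (a model, not the module's code)."""

    def __init__(self):
        self.hits = {}           # (ip, uri) -> [window_start, count]
        self.blocked_until = {}  # ip -> time at which the block expires

    def on_request(self, ts, ip, uri):
        """Decide at arrival time only: 403 if blocked, otherwise 200."""
        if self.blocked_until.get(ip, 0.0) > ts:
            return 403
        window = self.hits.setdefault((ip, uri), [ts, 0])
        if ts - window[0] >= DOS_PAGE_INTERVAL:
            window[0], window[1] = ts, 0  # start a new counting window
        window[1] += 1
        if window[1] > DOS_PAGE_COUNT:
            self.blocked_until[ip] = ts + DOS_BLOCKING_PERIOD
            return 403
        return 200


def replay(events):
    """Feed (timestamp, ip, uri) events through a fresh model."""
    model = EvasiveModel()
    return [(ip, model.on_request(ts, ip, uri)) for ts, ip, uri in events]


# Constructed events: 192.0.2.10 re-requests one page and drops each connection
# early; 198.51.100.7 is an ordinary visitor. No field records whether a
# response was ever read, because the decision never needs it.
SAMPLE = [
    (0.00, "192.0.2.10", "/index.html"),
    (0.10, "192.0.2.10", "/index.html"),
    (0.20, "192.0.2.10", "/index.html"),
    (0.30, "192.0.2.10", "/index.html"),
    (0.40, "198.51.100.7", "/index.html"),
    (5.00, "192.0.2.10", "/index.html"),
    (11.0, "192.0.2.10", "/index.html"),
]

if __name__ == "__main__":
    for ip, status in replay(SAMPLE):
        print(ip, status)
```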