Results 1 to 8 of 8
  1. #1
    Join Date
    Mar 2004
    Posts
    1,005

    Script to block connections?

    Hi,

    I was looking for a script which could block traffic based on this pattern
    If a request to open a particular html document comes from the same IP and that IP doesnt waiting untill the page is loaded in full and then re requesting the same page again then block/ban that IP

    Is there a script which is able to do that ?
    That could be used to stop some kinds of DDoS
    Best Regards,
    Namesniper

  2. #2
    Join Date
    Jun 2003
    Location
    Janesville, Wi
    Posts
    1,516
    If you use Apache and want to filter traffic, why not check out mod_security for rule-based matching. Also, mod_evasive can block based on requests to a page based on a rate of requests/second. That would effectively stop a HTTP DOS if setup properly.
    Jakiao

  3. #3
    Join Date
    Mar 2004
    Posts
    1,005
    I know about mod_security and mod_evasive and that mod_evasive can block access based on rate request but can it block based on whther if the reqested PC has waiting for the page to fuly load ?
    Best Regards,
    Namesniper

  4. #4
    Join Date
    Jun 2003
    Location
    Janesville, Wi
    Posts
    1,516
    mod_evasive catches the request before the page is even processed. So yes, it would stop someone who sends requests and then stops execution.

    Apache requests work in the form off Request->HTTP:80->modules (e.g. mod_evasive, mod_security)->Process request->Return page data
    Jakiao

  5. #5
    Join Date
    Mar 2004
    Posts
    1,005
    You mean that mod_evasive will block requests which are sent and not complited without waiting for the server response or that its able to block requests which didnt waited for the whole page to load in full ?
    Best Regards,
    Namesniper

  6. #6
    Join Date
    Jun 2003
    Location
    Janesville, Wi
    Posts
    1,516
    If a person sends a flood of requests which exit before the page is served, mod_evasive will still catch it and block it (provided it meets the module configured requirements). mod_evasive will return a server response of 403 when it blocks a client.

    A page is compiled and loads after the server response is sent because it is dependant on that response (e.g. do I show a 404 error or do I process the PHP script?).
    Jakiao

  7. #7
    Join Date
    Mar 2004
    Posts
    1,005
    The problem is that if the server drop only connecting which are droped right after the requets it will not help much.

    Often, DDoS attacks are organized the way that the PC id sending a request to a server,its start serving it but then PC doesnt waiting untill the page is fully served and droping connecting,thats why its important to find out the way to drop connectings which arent waiting for the page to load in full and droping connectiong before that stage.
    Best Regards,
    Namesniper

  8. #8
    Join Date
    Jun 2003
    Location
    Janesville, Wi
    Posts
    1,516
    mod_evasive will catch the request the second it touches the server. If it determines that it is a DOS attack (based on tracking all requests), it will block the attack. No waiting for a page to load. No waiting for a file to be served. It will stop the processing, stop the attack, and block it.

    mod_evasive can be configured in such a way that you can pass attacking IP's over to a firewall program such as APF. This will further stop the attack by blocking it from the server entirely.

    Isn't this what you want? You want a way to stop a DOS attack.

    I'm telling you: mod_evasive does exactly what you want.
    Jakiao

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •