LinuxQuestions.org
Old 02-08-2011, 07:18 AM   #1
Seregwethrin
How to block connections to Apache if client doesn't have valid request headers?


Hi,

My server gets DDoS attacks. I dug into the access logs and saw that the attacker IPs don't have valid request headers, like their browser application info or requested URL info.

I want to close those connections immediately and, if possible, block those IPs for a time period.

Can I do that with Apache and iptables?

I searched on the internet but couldn't find useful results. Probably couldn't search for the right words. If there are some pages or keywords to type please let me know.

Thanks
 
Old 02-08-2011, 08:29 AM   #2
bathory
Hi,

You can use mod_rewrite to forbid access. For example, to block a user-agent like "BAD-AGENT" and/or a GET request for phpmyadmin, you can use
Code:
RewriteEngine On

# Match the unwanted User-Agent string, or ...
RewriteCond %{HTTP_USER_AGENT} "BAD-AGENT" [OR]
# ... a request line that starts with "GET /phpmyadmin"
RewriteCond %{THE_REQUEST} ^GET\ /phpmyadmin
# Answer matching requests with 403 Forbidden
RewriteRule (.*) - [F]

Of course you can add more user-agent strings or requests (like POST, CONNECT, etc.).

Now, if you want to ban them for a time period, you can use fail2ban.

Regards
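
The banning step that post #2 hands off to fail2ban, sketched as an added example (not code from the thread or from fail2ban): it counts, per client, requests that arrive without a User-Agent or that Apache already refused with 403, and reports the hosts that cross a threshold inside a time window. The names `maxretry` and `findtime` mirror fail2ban's jail options; the threshold values, the combined log format and the sample lines are assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def suspicious(m):
    # No User-Agent header (logged as "-" or empty), or already refused with 403.
    return m["ua"] in ("", "-") or m["status"] == "403"

def hosts_to_ban(lines, maxretry=3, findtime=timedelta(seconds=60)):
    """Hosts with at least maxretry suspicious requests inside one findtime window.
    Assumes the lines are in chronological order, as in an access log."""
    recent = defaultdict(deque)
    banned = []
    for line in lines:
        m = LINE.match(line)
        if not m or not suspicious(m):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[m["host"]]
        hits.append(ts)
        while ts - hits[0] > findtime:   # drop hits that fell out of the window
            hits.popleft()
        if len(hits) >= maxretry and m["host"] not in banned:
            banned.append(m["host"])
    return banned

# Constructed sample lines using documentation address ranges (not from the thread).
SAMPLE = [
    '192.0.2.10 - - [08/Feb/2011:07:00:01 -0500] "GET / HTTP/1.0" 200 512 "-" "-"',
    '198.51.100.7 - - [08/Feb/2011:07:00:02 -0500] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [08/Feb/2011:07:00:03 -0500] "GET /phpmyadmin HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [08/Feb/2011:07:00:05 -0500] "GET / HTTP/1.0" 200 512 "-" ""',
    '203.0.113.5 - - [08/Feb/2011:07:00:06 -0500] "GET / HTTP/1.0" 200 512 "-" "-"',
    '203.0.113.5 - - [08/Feb/2011:07:02:30 -0500] "GET / HTTP/1.0" 200 512 "-" "-"',
    '203.0.113.5 - - [08/Feb/2011:07:02:31 -0500] "GET / HTTP/1.0" 200 512 "-" "-"',
]

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE))
```

Running the same check over a real access log before enabling a ban shows which clients a given threshold would catch, including legitimate ones that send no User-Agent.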
 
Old 02-08-2011, 12:21 PM   #3
Seregwethrin
Well, thanks. I've modified the Apache mod_rewrite script and applied it.
I'm still working on fail2ban.
Thanks
 
  

