Date: Mon, 9 Sep 2002 12:38:13 -0500
From: "Kim Scarborough" <sluggo@unknown.nu>
To: <freebsd-questions@freebsd.org>
Subject: Content-based web filtering?
Message-ID: <029901c25827$ac4977e0$23638780@uchicago.edu>

I'm running an Apache web server on 4.6.2-RELEASE that hosts several virtual domains. One of these is somewhat controversial, and every few days I've been getting a distributed denial of service attack through massive numbers of requests for a particular file from poorly-configured proxy servers all over the world. It doesn't affect the OS, but it does choke httpd by using up all the available servers.

In the past, I've blocked the DOS attacks by simply IPFW-ing out the offending host, but with this attack there are hundreds of hosts. What is constant, however, are the user agent and file request strings; they are always the same. So if there was some way to filter based on that, I'd be safe (at least for now). But IPFW can't do that, right? So I'd need to either find a firewall that will, or maybe put a small proxy server to intercept these requests and let everything else through to Apache.

Does anybody have any thoughts on how to deal with this? If you think one of the two solutions above is the way to go, any software recommendations? Does anyone have another idea altogether? I'm kinda stumped here, and the way I'm dealing with it at the moment is to shut down the targeted site, which of course is unacceptable.

----------------------------------------------------------------------------
Kim Scarborough                                   http://www.unknown.nu/kim/
----------------------------------------------------------------------------
"Football combines the two worst features of American life: violence and
committee meetings." -George Will
----------------------------------------------------------------------------
Now listening to: Raymond Scott - "The Happy Whistler"
----------------------------------------------------------------------------
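
An added example, not part of the original message: a sketch of the matching logic the post asks about, which finds the (requested file, User-Agent) pair shared by many distinct hosts in an Apache combined-format access log and then blocks only requests where both strings match. The log lines, path, agent string, addresses and the `min_hosts` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)

def shared_signatures(lines, min_hosts=3):
    """Return {(path, agent): distinct_host_count} for pairs seen from >= min_hosts hosts."""
    hosts = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:  # silently skip lines that are not well-formed combined-log entries
            hosts[(m["path"], m["agent"])].add(m["host"])
    return {sig: len(h) for sig, h in hosts.items() if len(h) >= min_hosts}

def should_block(path, agent, signatures):
    """Block only when BOTH strings match a flagged pair; ordinary readers of the file pass."""
    return (path, agent) in signatures

# Constructed sample log (documentation address ranges, made-up path and agent).
SAMPLE_LOG = '''\
192.0.2.10 - - [09/Sep/2002:12:00:01 -0500] "GET /files/target.html HTTP/1.0" 200 5120 "-" "ExampleProxy/1.0"
198.51.100.7 - - [09/Sep/2002:12:00:01 -0500] "GET /files/target.html HTTP/1.0" 200 5120 "-" "ExampleProxy/1.0"
203.0.113.5 - - [09/Sep/2002:12:00:02 -0500] "GET /files/target.html HTTP/1.0" 200 5120 "-" "ExampleProxy/1.0"
192.0.2.10 - - [09/Sep/2002:12:00:02 -0500] "GET /files/target.html HTTP/1.0" 200 5120 "-" "ExampleProxy/1.0"
192.0.2.50 - - [09/Sep/2002:12:00:03 -0500] "GET /files/target.html HTTP/1.1" 200 5120 "http://example.org/" "Mozilla/4.0 (compatible; MSIE 6.0)"
192.0.2.50 - - [09/Sep/2002:12:00:04 -0500] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
'''.splitlines()

if __name__ == "__main__":
    sigs = shared_signatures(SAMPLE_LOG)
    for (path, agent), count in sigs.items():
        print(f"{count} hosts: {path!r} with agent {agent!r}")
    print(should_block("/files/target.html", "Mozilla/4.0 (compatible; MSIE 6.0)", sigs))
```

Matching on the pair rather than on either string alone is what keeps legitimate visitors to the same file, and the same proxies fetching other pages, from being refused.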