Delivered-To: freebsd-questions@freebsd.org
From: "Troy Settle"
Subject: tarpitting bad HTTP requests (WAS: RE: question)
Date: Mon, 25 Sep 2000 10:58:18 -0400
In-Reply-To: <39CF6209.5AAD0F8D@reif.cncdsl.com>
Sender: owner-freebsd-questions@FreeBSD.ORG

I've not tested this myself, but you might have good luck with using the
ErrorDocument directive to redirect to either a cgi script or just your
main page.

    ErrorDocument 401 /index.html

or

    ErrorDocument 401 /cgi-bin/tarpit.pl

If you opt for the cgi idea, you can then use a perl or other script to do
your tar pitting.

But, before you make this effort, make sure that this will do what you
expect. I assume that you've actually examined the logs to see that the
/same/ host is sending several bad requests in rapid succession?

G'luck,

--
  Troy Settle
  Pulaski Networks
  540.994.4254

  It's always a long day, 86400 doesn't fit into a short

> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of webmaster
> Sent: Monday, September 25, 2000 10:33 AM
> To: freebsd-questions@FreeBSD.ORG
> Subject: question
>
>
> I have searched extensively for info on this subject and
> have found nothing. I admin a server which gets a lot of
> bad requests daily. In fact, it has over 400 meg in bad
> log files daily.
>
> I asked a real Unix guru about the problem and he recommended
> using tar pitting. The idea is that every time a bad request
> is generated by an I.P. the time the server takes to respond is
> increased.
> Example:
> Bad request #1. server answers with 401 error in 1 second
> Bad request #1. server answers with 401 error in 2 seconds
> Bad request #1. server answers with 401 error in 4 seconds
>
> This sounds like the perfect answer to many problems with
> a variety of server attacks. The problem is I can only find
> info on the subject relating to spam mail and sendmail.
> Any help would be extremely appreciated.
>
> Thanks in advance for your time.
> Terry Reifsnyder
>
> Please RE: treif1@netaxs.com
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
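
The doubling delay from the quoted question (1, 2, 4 seconds), replayed over constructed access-log lines so you can see which hosts would actually be slowed before wiring anything into ErrorDocument. This is an added example, not code from either poster; the `Tarpit` class, the `replay` function, the 32-second cap and the 10-minute idle reset are all assumptions.

```python
import re
from datetime import datetime

# Constructed sample lines in Common Log Format (documentation address ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [25/Sep/2000:10:00:00 -0400] "GET /private/ HTTP/1.0" 401 362
192.0.2.10 - - [25/Sep/2000:10:00:01 -0400] "GET /private/ HTTP/1.0" 401 362
198.51.100.7 - - [25/Sep/2000:10:00:02 -0400] "GET /index.html HTTP/1.0" 200 5120
192.0.2.10 - - [25/Sep/2000:10:00:03 -0400] "GET /private/ HTTP/1.0" 401 362
198.51.100.7 - - [25/Sep/2000:10:00:05 -0400] "GET /admin/ HTTP/1.0" 401 362
192.0.2.10 - - [25/Sep/2000:10:30:00 -0400] "GET /private/ HTTP/1.0" 401 362
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

class Tarpit:
    """Per-client delay that doubles with each bad request (1s, 2s, 4s, ...)."""

    def __init__(self, base=1.0, cap=32.0, idle_reset=600.0):
        self.base = base              # delay for the first bad request
        self.cap = cap                # assumed ceiling: long sleeps tie up server processes
        self.idle_reset = idle_reset  # assumed: forget a client after this many quiet seconds
        self.state = {}               # ip -> (bad_count, time_of_last_bad_request)

    def delay_for(self, ip, now):
        count, last = self.state.get(ip, (0, now))
        if now - last > self.idle_reset:
            count = 0                 # client was quiet long enough, start over
        count += 1
        self.state[ip] = (count, now)
        return min(self.base * 2 ** (count - 1), self.cap)

def replay(log_text, bad_statuses=("401",), tarpit=None):
    """Return [(ip, delay_seconds)] for each bad request, in log order."""
    tarpit = tarpit or Tarpit()
    out = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(3) not in bad_statuses:
            continue                  # unparsable line or a normal response
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z").timestamp()
        out.append((m.group(1), tarpit.delay_for(m.group(1), ts)))
    return out

if __name__ == "__main__":
    for ip, delay in replay(SAMPLE_LOG):
        print(f"{ip} would wait {delay:.0f}s")
```

Each CGI invocation is a separate process, so a script behind ErrorDocument would have to keep these counters in shared storage rather than in memory.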