httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Liu, Jack" <Jack....@FALCONJET.COM>
Subject [users@httpd] how to prevent malicious scripting attack
Date Thu, 01 Apr 2004 15:59:29 GMT
  I checked the access.log, and found there are many requests coming from
one IP address. Normally, when human gets one page, he will at least spend
10 or 20 seconds to take a look at the page, then move on to another page.
However, in the log file, the request from this IP address changes page
within mili-seconds constantly and lasts for several hours.  That is why I
believe it is some kind of automation program or scrip running on this IP
address. Human cannot move that fast. 
It cause our HTTP server stop resoponding to users. 
(I know "deny,allow" directive, they only apply to Directory,File,Location.
They don't apply on the Server level. Setting it Directory, File, Location
doesn't help, because the HTTP request still consume resource until the
server cannot take it anymore. If I can set them up at the Server lever,
when the request comes from this IP address, the Sever can drop it
completely without bothering to allocate more resource.)
  Does the HTTP server have the ability to detect such "pattern of behavior"
  If not, any idea of other HTTP server which can do this, detecting such
"pattern of behavior" (so that we may block it in the router).
  Jack Liu

View raw message