Is there any tool on Linux to automatically modify iptables so as to block a troublesome client based on an analysis of the Apache log? I help run a site that sometimes gets overwhelmed by requests from a particular user. The only solution is to add an entry in iptables to block the offending client. It's usually too late by the time I can react manually - hence, I would like some rule-based mechanism to modify the iptables. I would guess that some kind of fuzzy logic or statistical analysis would be necessary.
Viewed 2,378 times
3 Answers
10
You can use something like fail2ban, which IIRC, has an Apache log checker built in.

Glen Solsberry
fail2ban comes very close to doing what I want. Looks like I'll have to dig through the source a bit. – Rangachari Anand Apr 30 '09 at 18:51
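What fail2ban does in principle is exactly the rule-based mechanism the question asks for: read the Apache log, count hits per client, and push a block rule into iptables once a threshold is crossed. The script below is an added illustration of that loop, not fail2ban's own code. It assumes the combined or common log format (client address in the first field), takes the log path and a hit threshold as arguments, and only prints the iptables command unless DRY_RUN=0 is set; the log lines in make_sample_log are constructed for offline testing.

```shell
#!/bin/sh
# Added example (not fail2ban's code): a minimal log-to-iptables blocker.
# Counts requests per client IP in an Apache access log and emits a DROP
# rule for any client at or above a threshold.
# Assumptions: combined/common log format with the client IP in field 1;
# log path and threshold come from the command line (hypothetical values).

# find_offenders LOGFILE THRESHOLD
# Prints "count ip" for every client with at least THRESHOLD requests,
# highest count first.
find_offenders() {
    awk -v limit="$2" '
        # field 1 of the common/combined log format is the client address
        { hits[$1]++ }
        END {
            for (ip in hits)
                if (hits[ip] >= limit)
                    printf "%d %s\n", hits[ip], ip
        }' "$1" | sort -rn
}

# block_ip IP
# Inserts a DROP rule at the top of INPUT unless an identical rule already
# exists (-C). With DRY_RUN=1 (the default) the command is printed instead.
block_ip() {
    ip="$1"
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "iptables -I INPUT -s $ip -j DROP"
    else
        iptables -C INPUT -s "$ip" -j DROP 2>/dev/null \
            || iptables -I INPUT -s "$ip" -j DROP
    fi
}

# make_sample_log FILE
# Writes a constructed (not captured) access log so the script runs offline.
make_sample_log() {
    cat > "$1" <<'EOF'
198.51.100.7 - - [30/Apr/2009:18:40:01 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/7.19"
198.51.100.7 - - [30/Apr/2009:18:40:01 +0000] "GET /search?q=a HTTP/1.1" 200 9000 "-" "curl/7.19"
203.0.113.5 - - [30/Apr/2009:18:40:02 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [30/Apr/2009:18:40:02 +0000] "GET /search?q=b HTTP/1.1" 200 9000 "-" "curl/7.19"
198.51.100.7 - - [30/Apr/2009:18:40:02 +0000] "GET /search?q=c HTTP/1.1" 200 9000 "-" "curl/7.19"
192.0.2.10 - - [30/Apr/2009:18:40:03 +0000] "GET /index.html HTTP/1.1" 304 0 "-" "Mozilla/5.0"
EOF
}

# Usage: sh blocker.sh /var/log/apache2/access.log 100
if [ $# -ge 2 ]; then
    find_offenders "$1" "$2" | while read -r count ip; do
        echo "# $ip made $count requests" >&2
        block_ip "$ip"
    done
fi
```

Run from cron against the live log (or against the last few thousand lines of it) and the loop closes itself. The obvious refinement, and the reason fail2ban is worth the source-digging, is to count hits within a time window rather than over the whole file and to expire bans automatically; fail2ban's findtime, maxretry and bantime settings are exactly those three knobs. Note that the script trusts the first field of the log, so if Apache sits behind a reverse proxy the address there is the proxy's, not the client's.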
4
You might want to consider using iptables to rate-limit incoming connections, which in its most basic setting will give you the ability to limit incoming connections to a number per minute.
For example, you might want to only allow 10 pings per minute from a single IP address. It does get a little more sophisticated than that, with the option to set burst limits on top of long term average limits.
Some good instructions on setting it up: http://kevin.vanzonneveld.net/techblog/article/block_brute_force_attacks_with_iptables/

Guy C
Excellent - I had no idea that iptables could even do that. This could be very useful. – Rangachari Anand Apr 30 '09 at 18:50
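The one trap in the rate-limiting approach is which iptables match you reach for. The plain "limit" match keeps a single token bucket for the rule, so it caps new connections for the whole server rather than per client, and a single heavy user can empty the bucket for everyone. The per-source behaviour the answer describes comes from the "recent" match, which keeps a table keyed by source address. The script below is an added example (not the linked article's rules) showing the weak global setting beside the per-source one; the port, window and hit count are hypothetical values, and DRY_RUN=1 (the default) prints the commands instead of running them.

```shell
#!/bin/sh
# Added example: per-source connection rate limiting with the iptables
# "recent" match, shown beside the global "limit" match that is often
# used by mistake. Assumed values: HTTP on port 80, a 60 second window,
# 20 new connections per window per source.

# run CMD...: print the command under DRY_RUN=1, execute it otherwise
run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then echo "$*"; else "$@"; fi
}

# global_limit RATE BURST
# Weak setting: one shared bucket for all new HTTP connections. Once the
# burst is used up, every client is dropped, not just the abusive one.
global_limit() {
    run iptables -A INPUT -p tcp --dport 80 --syn -m limit --limit "$1" --limit-burst "$2" -j ACCEPT
    run iptables -A INPUT -p tcp --dport 80 --syn -j DROP
}

# per_source_limit SECONDS HITCOUNT
# Corrected setting: record each new connection in the per-source table
# "HTTP", then drop the connection if that source already has HITCOUNT
# entries within the last SECONDS seconds. --update refreshes the entry,
# so a client that keeps hammering stays blocked until it backs off.
per_source_limit() {
    run iptables -A INPUT -p tcp --dport 80 --syn -m recent --name HTTP --set
    run iptables -A INPUT -p tcp --dport 80 --syn -m recent --name HTTP --update --seconds "$1" --hitcount "$2" -j DROP
}

# rule_count ARGS...: how many iptables commands a generator emits in dry-run
rule_count() {
    "$@" | wc -l | tr -d ' '
}

# Usage: DRY_RUN=0 sh ratelimit.sh   (as root) to apply the per-source rules
per_source_limit 60 20
```

Two operational notes: the recent match's default table size caps --hitcount at 20 unless the module is loaded with a larger ip_pkt_list_tot, and the live table can be inspected under /proc/net/xt_recent/HTTP (ipt_recent on older kernels), which is the quickest way to confirm a client is actually being counted before you trust the rule on a busy site.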
my bookmarks http://www.debian-administration.org/articles/187 http://kevin.vanzonneveld.net/techblog/article/block_brute_force_attacks_with_iptables/ – Gene T May 30 '09 at 19:31