• Blocking client based on HTTP request

    From Sandman@1:0/0 to All on Fri May 24 15:07:35 2013
    So, as my other thread may suggest, I have problems with users flooding
    my server with requests for /wpad.dat

    Is there an easy way to use iptables to trigger on those requests and
    then add the IP to a blacklist?

    --
    Sandman[.net]

    --- MBSE BBS v0.95.15 (GNU/Linux-x86_64)
    * Origin: The Kofo BBS MBSE - telnet://fido1.kofobbs.ne
  • From David Hough@110:300/1.1 to All on Fri May 24 20:42:19 2013
    Sandman wrote:

    > So, as my other thread may suggest, I have problems with users flooding
    > my server with requests for /wpad.dat
    >
    > Is there an easy way to use iptables to trigger on those requests and
    > then add the IP to a blacklist?

    Try fail2ban <http://www.fail2ban.org> as one possible candidate.

    I've not yet tried to use it but it's on my to-do list.

    Dave


    --- MBSE BBS v0.95.15 (GNU/Linux-x86_64)
    * Origin: the bus stop (110:300/1.1@linuxnet)
  • From Sandman@1:0/0 to All on Fri May 24 21:11:26 2013
    In article <bto47a-45c.ln1@llondel.org>,
    David Hough <noone$$@llondel.org> wrote:

    > Sandman wrote:
    >
    > > So, as my other thread may suggest, I have problems with users flooding
    > > my server with requests for /wpad.dat
    > >
    > > Is there an easy way to use iptables to trigger on those requests and
    > > then add the IP to a blacklist?
    >
    > Try fail2ban <http://www.fail2ban.org> as one possible candidate.
    >
    > I've not yet tried to use it but it's on my to-do list.

    I looked at it earlier, it seems to be a client/server (why?) solution
    to add rules to iptables.

    I did that myself instead by using a script to parse the last 1000
    rows of the httpd log file, find the unique hosts that are requesting
    the wpad.dat file and then adding them to a blacklist file, and then
    add them to an iptable block.

    The file now contains 4802 unique spamming hosts, and I'm a bit worried
    about iptables being too burdened by so many firewall rules.




    --
    Sandman[.net]

    --- MBSE BBS v0.95.15 (GNU/Linux-x86_64)
    * Origin: The Kofo BBS MBSE - telnet://fido1.kofobbs.ne
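
An added example, not code from any poster in this thread: the log-parsing approach described in the last post, with the offenders loaded into one ipset hash set that a single iptables rule matches, so the rule count stays at one however long the blacklist grows. Assumptions: an Apache/NCSA-style access log (client address in field 1, request path in field 7); the set name `wpad_block` and the function names are hypothetical; the log lines are constructed samples.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes Apache/NCSA "combined" log
# lines: field 1 = client address, field 7 = request path.
SET_NAME="wpad_block"   # hypothetical set name

# Read access-log lines on stdin and print each IPv4 client that requested
# /wpad.dat (query string ignored) exactly once. Hostname entries (logs
# written with reverse lookups on) are skipped, since hash:ip stores addresses.
wpad_hosts() {
    awk '
        { path = $7; sub(/\?.*/, "", path) }
        path == "/wpad.dat" &&
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
        !seen[$1]++ { print $1 }
    '
}

# Convert the host list into input for `ipset restore`.
ipset_restore_input() {
    echo "create $SET_NAME hash:ip"
    wpad_hosts | while read -r ip; do
        echo "add $SET_NAME $ip"
    done
}

# Constructed sample log lines (documentation address ranges).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [24/May/2013:15:01:02 +0200] "GET /wpad.dat HTTP/1.1" 404 209 "-" "-"
198.51.100.7 - - [24/May/2013:15:01:03 +0200] "GET /index.html HTTP/1.1" 200 512 "-" "-"
192.0.2.10 - - [24/May/2013:15:01:04 +0200] "GET /wpad.dat HTTP/1.1" 404 209 "-" "-"
203.0.113.5 - - [24/May/2013:15:01:05 +0200] "GET /wpad.dat?x=1 HTTP/1.0" 404 209 "-" "-"
EOF
}

# Show what would be loaded. On a real host, as root (log path is yours):
#   tail -n 1000 "$LOG" | ipset_restore_input | ipset -exist restore
#   iptables -C INPUT -m set --match-set wpad_block src -j DROP 2>/dev/null ||
#       iptables -I INPUT -m set --match-set wpad_block src -j DROP
sample_log | ipset_restore_input
```

Running with `-exist` lets the same input be reloaded on every pass without errors for addresses already in the set.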