Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Module for adding attackers ip to windows firewall |
|
| Author |
|
Baardmans
Joined: 02 Feb 2012
Posts: 7
Location: Holland
|
 Posted: Tue 21 Aug '12 12:28 Post subject: Module for adding attackers ip to windows firewall |
 |
|
I've done some googling and it appears that it is possible to add IP's to a windows firewall rule through cmd / powershell / programming.
http://stackoverflow.com/questions/4382933/programmatically-add-ip-to-server-2008-firewall-rule
So I wondered if there is an Apache module that checks a request for a certain path/regex, for example "/phpmyadmin" and when found it adds the remote_ip to the firewall rule which in effect blocks the user from the complete server or just http depending on the server rule. Could mod_security do this or something like it? |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Sat 22 Sep '12 23:35 Post subject: |
|
|
mod security can log and also execute a script
e.g.
SecRule REQUEST_URI "\/phpmyadmin" "log,exec:C:/path/to/ban_it.cmd"
I neverd used mod sec, but found that info on the net.
http://spamcleaner.org/en/misc/modsec2ipt.html |
|
| Back to top |
|
|
|
|
|
|
