Topic: Block an IP address
ian_kinch



Joined: 16 Apr 2013
Posts: 2
Location: Indonesia, Surabaya

Posted: Thu 18 Apr '13 6:50    Post subject: Block an IP address

Is it possible for me to block an IP address dynamically?

Recently, I developed a module to prevent SYN flood attacks. I just figured out that the only ap_hooks which I can use to identify a new connection are ap_hook_pre_connection and ap_hook_process_connection. Then, I want to block the suspicious IP address as soon as possible.

Code:

#include "httpd.h"
#include "http_config.h"
#include "http_connection.h"
#include "http_core.h"
#include "http_log.h"
#include "http_main.h"
#include "http_protocol.h"
#include "http_request.h"
#include "mod_status.h"

/* pre_connection hooks receive the connection and its socket (csd). */
static int pre_connection_handler(conn_rec *c, void *csd){
   int ret;
   /*
    The return value is OK, DECLINED, or HTTP_mumble.  If we return OK, the
    server will still call any remaining modules with an handler for this
    phase.
    */
   ret = OK;
   
   /*
    * In this section, i want to block the ip address
    * Is there any help?
    */
   
   return ret;
}

static void register_hook(apr_pool_t *pool){
   ap_hook_pre_connection(pre_connection_handler, NULL, NULL, APR_HOOK_MIDDLE);
}

module AP_MODULE_DECLARE_DATA pre_conn_module = {
   STANDARD20_MODULE_STUFF,
   NULL,
   NULL,
   NULL,
   NULL,
   NULL,
   register_hook
};



Sorry if my explanation is messy; I hope you can understand what I mean. Thank you.
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg

Posted: Tue 23 Apr '13 11:08

There is already something called mod_dosevasive. But it sends only a 403. You would need to block the IP in your firewall before it reaches Apache. So Apache would have to dynamically add rules to the firewall.
ian_kinch



Joined: 16 Apr 2013
Posts: 2
Location: Indonesia, Surabaya

Posted: Tue 23 Apr '13 15:08

I tried that mod_evasive, but it handles massive requests, not a true DoS attack (SYN flood).
By the way, thank you for your suggestion. :D
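
The firewall-level blocking suggested in the moderator's reply, as an added example that is not part of the original thread or of any Apache module. It assumes a Linux host with ipset and iptables and a root-owned helper that is handed the addresses to block; the set name, timeout and dry-run switch are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). SET_NAME, BLOCK_SECS and DRY_RUN are
# assumptions of this example; run it as root from a helper, not from httpd.
SET_NAME="${SET_NAME:-apache_block}"  # hypothetical ipset name
BLOCK_SECS="${BLOCK_SECS:-600}"       # entries expire after this many seconds
DRY_RUN="${DRY_RUN:-1}"               # 1 = print commands, 0 = execute them

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # only digits and single dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac # no leading zeros (octal ambiguity)
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# One-time setup at boot: a set whose entries time out, and one DROP rule
# that matches any source address currently in the set.
setup_blocklist() {
    run ipset create "$SET_NAME" hash:ip timeout "$BLOCK_SECS" -exist
    run iptables -I INPUT -m set --match-set "$SET_NAME" src -j DROP
}

# Block one address. Input is validated first so that a value taken from a
# log line can never be read by ipset as an option or a second argument.
block_ip() {
    is_ipv4 "$1" || { echo "rejected: $1" >&2; return 1; }
    run ipset add "$SET_NAME" "$1" timeout "$BLOCK_SECS" -exist
}
```

A pre_connection hook only runs after the kernel has completed the TCP handshake, so the half-open connections of a SYN flood never reach it and their source addresses are often spoofed. Kernel-side measures such as SYN cookies (`net.ipv4.tcp_syncookies`) cover that case, while a set like this one suits addresses seen on established connections.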