Topic: Block an IP address

ian_kinch
Joined: 16 Apr 2013 Posts: 2 Location: Indonesia, Surabaya
Posted: Thu 18 Apr '13 6:50 Post subject: Block an IP address
Is it possible to block an IP address dynamically?
Recently, I developed a module to prevent SYN flood attacks. I just figured out that the only hooks I can use to identify a new connection are ap_hook_pre_connection and ap_hook_process_connection. So I want to block the suspicious IP address as soon as possible.
Code:
#include "httpd.h"
#include "http_config.h"
#include "http_connection.h"
#include "http_core.h"
#include "http_log.h"
#include "http_main.h"
#include "http_protocol.h"
#include "http_request.h"
#include "mod_status.h"

/* pre_connection hooks receive the connection and its socket (csd). */
static int pre_connection_handler(conn_rec *c, void *csd)
{
    int ret;

    /*
      The return value is OK, DECLINED, or HTTP_mumble. If we return OK, the
      server will still call any remaining modules with a handler for this
      phase.
    */
    ret = OK;

    /*
     * In this section, I want to block the IP address.
     * Is there any help?
     */
    return ret;
}

/* Register the handler for the pre_connection phase. */
static void register_hook(apr_pool_t *pool)
{
    ap_hook_pre_connection(pre_connection_handler, NULL, NULL, APR_HOOK_MIDDLE);
}

module AP_MODULE_DECLARE_DATA pre_conn_module = {
    STANDARD20_MODULE_STUFF,
    NULL,           /* create per-directory config */
    NULL,           /* merge per-directory config */
    NULL,           /* create per-server config */
    NULL,           /* merge per-server config */
    NULL,           /* command table */
    register_hook   /* register hooks */
};
Sorry if my explanation is messy; I hope you can understand what I mean. Thank you.

James Blond Moderator
Joined: 19 Jan 2006 Posts: 7373 Location: Germany, Next to Hamburg
Posted: Tue 23 Apr '13 11:08 Post subject:
There is already something called mod_dosevasive. But it only sends a 403. You would need to block the IP in your firewall before it reaches Apache. So Apache would have to dynamically add rules to the firewall.

ian_kinch
Joined: 16 Apr 2013 Posts: 2 Location: Indonesia, Surabaya
Posted: Tue 23 Apr '13 15:08 Post subject:
I tried mod_evasive, but it handles massive numbers of requests, not a true DoS attack (SYN flood).
By the way, thank you for your suggestion.
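
An added example, not code from either poster or from an existing Apache module: a bounded per-address connection counter that a pre_connection hook like the one in the first post could consult before deciding to refuse a client. A hook only runs for connections whose TCP handshake has completed, so this counts established connections and never sees half-open SYN traffic, which still has to be handled at the firewall as the reply says. The function names, table size and thresholds are assumptions, and the text wrapper uses POSIX inet_pton.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <string.h>
#include <time.h>

#define SLOTS      1024  /* fixed table: memory stays bounded during a flood */
#define WINDOW_SEC 10    /* counting window (assumed value) */
#define MAX_CONNS  20    /* connections allowed per window (assumed value) */
#define BLOCK_SEC  60    /* block duration for an offender (assumed value) */

typedef struct {
    uint32_t ip;             /* IPv4 address, host byte order */
    time_t   window_start;   /* start of the current counting window */
    unsigned count;          /* connections seen in this window */
    time_t   blocked_until;  /* refuse until this time; 0 = not blocked */
} slot_t;

static slot_t table[SLOTS];

/* Returns 1 if a connection from ip at time now should be refused, else 0. */
int conn_should_block(uint32_t ip, time_t now)
{
    slot_t *s = &table[(ip * 2654435761u) >> 22];  /* top 10 bits -> 0..1023 */
    if (s->ip != ip) {       /* empty or colliding slot: evict it, fail open */
        memset(s, 0, sizeof *s);
        s->ip = ip;
        s->window_start = now;
    }
    if (now < s->blocked_until)
        return 1;
    if (now - s->window_start >= WINDOW_SEC) {     /* window expired: restart */
        s->window_start = now;
        s->count = 0;
    }
    if (++s->count > MAX_CONNS) {                  /* over the limit: block */
        s->blocked_until = now + BLOCK_SEC;
        return 1;
    }
    return 0;
}

/* Text form, as a hook would have it (c->client_ip in httpd 2.4). */
int conn_should_block_text(const char *ip_text, time_t now)
{
    struct in_addr a;
    if (inet_pton(AF_INET, ip_text, &a) != 1)
        return 0;            /* not IPv4: this sketch does not track it */
    return conn_should_block(ntohl(a.s_addr), now);
}
```

In a prefork or multi-process server each child would hold its own copy of this table, so a real module would need shared memory and locking around it.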