/ Zope / Apsis / Pound Mailing List / Archive / 2012 / 2012-09 / How to deny attacker?

[ << ] [ >> ]

[ SSL_CTX_use_PrivateKey_file Driving me insane / ... ] [ Re: [Pound Mailing List] How to deny attacker? ... ]

How to deny attacker?
"Jaroslav Lukesh" <lukesh(at)seznam.cz>
2012-09-27 18:25:42 [ FULL ]
Dear Sirs,

I want to block some DoS attacker at pound side (pound 1.8, does not have 
other possibilities - tiny HW), but none of this does not work:

UrlGroup.....
HeadRequire....
HeadDeny REMOTE_ADDR "ipaddress"
HeadDeny HTTP_X_FORWARDED_FOR "ipaddress1, ipaddress2"
EndGroup

How to do it successfully, please?

Regards, J. Lukesh

Re: [Pound Mailing List] How to deny attacker?
Jari Fredriksson <jari.fredriksson(at)digital-identity.com>
2012-09-27 18:49:54 [ FULL ]
27.09.2012 19:25, Jaroslav Lukesh kirjoitti:[...]

Don't you have a firewall?
[...]

Re: [Pound Mailing List] How to deny attacker?
Scott McKeown <scott(at)loadbalancer.org>
2012-09-27 19:39:54 [ FULL ]
iptabels would be the best option if your on a unix platform as this is at
the kernel level and not software level which would save some processor
overhead. Otherwise if you have an upstream firewall I would look at
blocking the addresses or whole subnet there.
Other than that Im not sure you can do what you want with pound itself.

~Scott
 On Sep 27, 2012 5:38 PM, "Jaroslav Lukesh" <lukesh(at)seznam.cz> wrote:
[...]
Attachments:  
text.html text/html 1308 Bytes

Re: [Pound Mailing List] How to deny attacker?
"Jaroslav Lukesh" <lukesh(at)seznam.cz>
2012-09-27 20:14:09 [ FULL ]
----- Původní zpráva ----- 
Od: "Jari Fredriksson" <jari.fredriksson(at)digital-identity.com>

[...][...][...]

Yes, but I need to block IP in HTTP_X_FORWARDED_FOR, not the remote address, 
because attacker uses proxy. I was try both, but I does not know if pound 
interpret this rule sucessfully.

Regards, JL.

MailBoxer