On Fri, Mar 23, 2007 at 07:39:39PM +0000, Tim Starling wrote:
Block all involved IPs at the firewall. It's a workable solution as long as you can identify the problem requests in your logs. It's entirely feasible to block thousands of IP addresses in this way. Per-IP limits such as apache's mod_throttle will also help, as will system optimisation and caching.
Has anyone ever looked into getting mod_throttle or an IDS to write the DROP rules for the firewall?
Cheers, -- jra