On Fri, Mar 23, 2007 at 07:39:39PM +0000, Tim Starling wrote:
Block all involved IPs at the firewall. It's a
workable solution as long
as you can identify the problem requests in your logs. It's entirely
feasible to block thousands of IP addresses in this way. Per-IP limits
such as apache's mod_throttle will also help, as will system optimisation
and caching.
Has anyone ever looked into getting mod_throttle or an IDS to write the
DROP rules for the firewall?
Cheers,
-- jra
--
Jay R. Ashworth jra(a)baylink.com
Designer Baylink RFC 2100
Ashworth & Associates The Things I Think '87 e24
St Petersburg FL USA
http://baylink.pitas.com +1 727 647 1274