WebApp Sec: Re: Combatting automated download of dynamic websites?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec mailing list archives

Re: Combatting automated download of dynamic websites?

From: Achim Hoffmann <kirke11 () securenet de>
Date: Wed, 31 Aug 2005 22:47:31 +0200 (MEST)


On Mon, 29 Aug 2005, Matthijs R. Koot wrote:

!! In specific, I was wondering if it's possible and sensible to limit the
!! allowed number of requests for certain pages per minute/hour.

how about using iptables (if available on your system/router in front):

iptables -A FORWARD -p tcp --dport 80 -d <IP>   --syn -m dstlimit --dstlimit-mode srcipdstip-dstport --dstlimit 1/sec 
-j ACCEPT
iptables -A FORWARD -p tcp --dport 80 -d <IP> ! --syn -j ACCEPT
iptables -A FORWARD -p tcp --dport 80 -d <IP>   --syn -j DROP
# allows an average of 1 syn/sec and max. 5 syns in a burst, see iptables'
# man-page for more details

{-: Achim

By Date By Thread

Current thread:

Re: Combatting automated download of dynamic websites?, (continued)
- Re: Combatting automated download of dynamic websites? Achim Hoffmann (Aug 31)
- Re: Combatting automated download of dynamic websites? Tony Stahler (Aug 30)
  - Message not available
    - Fwd: Combatting automated download of dynamic websites? Mark Quinn (Aug 31)