LiteSpeed Technologies
#1
06-13-2006, 01:59 AM
ts77
Senior Member
 
Join Date: Nov 2004
Posts: 288
RFE: API for adding blocked IPs for a vhost/directory "from the side"

Hello folks,

I have my own DoS protection built into my PHP scripts.
Those check how many accesses to the PHP pages are made by which IP, and so on.
Once a user hits a given threshold, his IP is added to a .htaccess file and removed after a specified ban time.

That results in the following:
Quote:
2006-06-12 23:44:21.195 [INFO] [HTAccess] Configuration file [/home/xxx/forum_v51/.htaccess] changed.
2006-06-12 23:44:21.195 [INFO] [HTAccess] Updating configuration from [/home/xxx/forum_v51/.htaccess]
2006-06-12 23:44:52.026 [INFO] [HTAccess] Configuration file [/home/xxx/forum_v51/.htaccess] changed.
2006-06-12 23:44:52.026 [INFO] [HTAccess] Updating configuration from [/home/xxx/forum_v51/.htaccess]
2006-06-12 23:44:52.240 [INFO] [HTAccess] Configuration file [/home/xxx/www/forum_v2/.htaccess] changed.
2006-06-12 23:44:52.240 [INFO] [HTAccess] Updating configuration from [/home/xxx/www/forum_v2/.htaccess]
2006-06-12 23:45:17.682 [INFO] [HTAccess] Configuration file [/home/xxx/www/forum_v2/.htaccess] changed.
2006-06-12 23:45:17.682 [INFO] [HTAccess] Updating configuration from [/home/xxx/www/forum_v2/.htaccess]
2006-06-12 23:45:22.331 [INFO] [HTAccess] Configuration file [/home/xxx/forum_v51/.htaccess] changed.
2006-06-12 23:45:22.331 [INFO] [HTAccess] Updating configuration from [/home/xxx/forum_v51/.htaccess]
2006-06-12 23:45:53.306 [INFO] [HTAccess] Configuration file [/home/xxx/www/forum_v2/.htaccess] changed.
2006-06-12 23:45:53.306 [INFO] [HTAccess] Updating configuration from [/home/xxx/www/forum_v2/.htaccess]
2006-06-12 23:45:54.453 [INFO] [HTAccess] Configuration file [/home/xxx/forum_v51/.htaccess] changed.
2006-06-12 23:45:54.453 [INFO] [HTAccess] Updating configuration from [/home/xxx/forum_v51/.htaccess]
2006-06-12 23:46:19.040 [INFO] [HTAccess] Configuration file [/home/xxx/www/forum_v2/.htaccess] changed.
2006-06-12 23:46:19.040 [INFO] [HTAccess] Updating configuration from [/home/xxx/www/forum_v2/.htaccess]
2006-06-12 23:46:19.163 [INFO] [HTAccess] Configuration file [/home/xxx/forum_v51/.htaccess] changed.
2006-06-12 23:46:19.163 [INFO] [HTAccess] Updating configuration from [/home/xxx/forum_v51/.htaccess]
2006-06-12 23:46:49.224 [INFO] [HTAccess] Configuration file [/home/xxx/www/forum_v2/.htaccess] changed.
2006-06-12 23:46:49.224 [INFO] [HTAccess] Updating configuration from [/home/xxx/www/forum_v2/.htaccess]
2006-06-12 23:46:49.228 [INFO] [HTAccess] Configuration file [/home/xxx/forum_v51/.htaccess] changed.
2006-06-12 23:46:49.228 [INFO] [HTAccess] Updating configuration from [/home/xxx/forum_v51/.htaccess]
2006-06-12 23:47:19.554 [INFO] [HTAccess] Configuration file [/home/xxx/forum_v51/.htaccess] changed.
2006-06-12 23:47:19.554 [INFO] [HTAccess] Updating configuration from [/home/xxx/forum_v51/.htaccess]
2006-06-12 23:47:21.382 [INFO] [HTAccess] Configuration file [/home/xxx/www/forum_v2/.htaccess] changed.
2006-06-12 23:47:21.382 [INFO] [HTAccess] Updating configuration from [/home/xxx/www/forum_v2/.htaccess]
which I don't see as a performance enhancement, with all its reloading of the .htaccess ;-).

Therefore I'd like to see a way to update the blocked IPs for a vhost or directory through some API from an app.
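Added example, not part of the original post and not ts77's or LiteSpeed's code: a sketch of the scheme post #1 describes (per-IP counting of dynamic pages only, timed bans written to .htaccess) that rewrites the file only when the ban set actually changes, so the server reloads it less often. The names `BanList`, `render`, `sync` and `STATIC_EXT` are hypothetical, and it assumes the .htaccess holds nothing but the ban block and uses Apache 2.2-style `Order`/`Deny from` directives.

```python
import ipaddress, os, tempfile
from collections import defaultdict, deque

STATIC_EXT = (".css", ".js", ".png", ".gif", ".jpg", ".ico")  # assumed list

class BanList:
    """Per-IP sliding-window counter with timed bans (hypothetical helper)."""
    def __init__(self, threshold=5, window=10.0, ban_time=300.0):
        self.threshold, self.window, self.ban_time = threshold, window, ban_time
        self.hits = defaultdict(deque)  # ip -> timestamps of dynamic requests
        self.banned = {}                # ip -> time at which the ban expires

    def record(self, ip, path, now):
        """Count one request at time `now` (seconds)."""
        # Normalise and validate: a raw string (e.g. from a client-supplied
        # header) must never be written into the server configuration.
        ip = str(ipaddress.ip_address(ip))  # raises ValueError on junk input
        if path.split("?")[0].lower().endswith(STATIC_EXT):
            return                          # static files are not counted
        q = self.hits[ip]
        q.append(now)
        while q and q[0] <= now - self.window:
            q.popleft()                     # forget hits outside the window
        if len(q) >= self.threshold:
            self.banned[ip] = now + self.ban_time

    def active(self, now):
        """Drop expired bans and return the remaining IPs, sorted."""
        self.banned = {ip: t for ip, t in self.banned.items() if t > now}
        return sorted(self.banned)

def render(ips):
    """Build the ban block; sorted input gives a stable, comparable file."""
    head = ["Order Allow,Deny", "Allow from all"]
    return "\n".join(head + ["Deny from %s" % ip for ip in ips]) + "\n"

def sync(path, ips):
    """Rewrite `path` only if the ban set changed; return True if written."""
    new = render(ips)
    try:
        with open(path) as f:
            if f.read() == new:
                return False                # unchanged: no reload triggered
    except FileNotFoundError:
        pass
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as f:
        f.write(new)
    os.chmod(tmp, 0o644)                    # mkstemp creates the file 0600
    os.replace(tmp, path)                   # atomic swap, no half-written file
    return True
```

Calling `sync(path, bans.active(now))` from a periodic job rather than on every request batches several bans and expiries into one file change.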
#2
06-14-2006, 09:35 AM
mistwang
LiteSpeed Staff
 
Join Date: May 2003
Location: New Jersey
Posts: 7,590
I think .htaccess should serve this purpose well, and should not be a performance hit itself.
Actually, I think it may not be a good idea to do DoS detection in an external application, as one instance may not know the big picture and it is hard to make it accurate. Our built-in DoS prevention feature is more efficient and accurate.
#3
06-14-2006, 09:38 AM
ts77
Senior Member
 
Join Date: Nov 2004
Posts: 288
Maybe your built-in DoS prevention is more efficient, but I need to check more variables in the app, which can't be done on the server side, like which page was accessed how often, and I don't need to take static files into account either.
#4
06-14-2006, 09:44 AM
mistwang
LiteSpeed Staff
 
Join Date: May 2003
Location: New Jersey
Posts: 7,590
There is an option, "Dynamic Requests/second", for this kind of single-point DoS attack; maybe it is not exactly what you have been doing in PHP, but it should help.
#5
06-14-2006, 10:05 AM
xing
LiteSpeed Staff
 
Join Date: Oct 2003
Location: Los Angeles, California
Posts: 380
ts77, the best way is to drop packets via dynamic rules:

http://www-128.ibm.com/developerworks/library/l-fw/

With your customized security setup, the above would be the better way to stop traffic at a lower network layer. Otherwise, your blocked users are still wasting LiteSpeed's TCP connections.
All times are GMT -7.


