[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] consistently pounded
- Subject: Re: [cobalt-security] consistently pounded
- From: Theodore Jones <theoj@xxxxxxxxxxxxx>
- Date: Tue, 23 May 2000 20:21:57 -0700
So why isn't there a siimple way to have a script watch the error log report
and just add certain IP numbers to the hosts.deny file...?
~ Theo
Adam Crews wrote:
> On Tue, 23 May 2000, Theodore Jones wrote:
>
> | >
> | > 2) You can install tcp wrappers (you really ought to have
> | > 'em running anyway), configure them to monitor the httpd port and
> | > add the bums to your hosts.deny file.
>
> I would strongly discourage tcp wrappers on the http port. You will get a
> huge performance hit. one of the ways that a web server an be so fast is
> because it has several daemons running and waiting for connections. If
> you tcpwrapper this, you can no longer do this. Now, before the web
> daemon can even start up, it must pass the tcpwrappers, then it must load
> and parce the http config file (very slow if you have virtual hosts), and
> finally the http daemon wont take advantage of the ability to do multiple
> requests down a single connection. Every request for an image, page,
> ect.. will result in a tcpwrapper lookup, and the spawning of another http
> daemon. Also if you have any dns slowness at all, tcpwrappers will take
> to long to spawn the web daemon.
>
> -Adam
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security