[CentOS] Centos VPS Kernel 2.6.35.4 & 'string-less' IP tables
John R Pierce
pierce at hogranch.com
Wed Aug 31 15:41:58 UTC 2011
On 08/31/11 8:22 AM, Always Learning wrote:
> Looking at your example seems to suggest Fail2Ban is an 'after the
> event' response. I would like to implement 'before the event' filtering
> which prevents, even on the first detected hacking attempt, anything
> reaching HTTPD.

so you want another piece of software to parse the http protocol and
analyze the traffic, before passing it on to your web server, which is
going to parse the http protocol and deliver content? good luck with that.

of course, to even consider doing such you would have to, in very
precise terms, define exactly what comprises a 'hacking attempt'. do
you give this filter a list of all valid URLs and trigger your block on
any that aren't on that list?

anyways, the design of such would better be discussed on a security
tools mail list as it's a very general topic, there's nothing here even
remotely centos specific.

--
john r pierce N 37, W 122
santa cruz ca mid-left coast