prevent http cgi flood

Support for security such as Firewalls and securing linux
kylehase
Posts: 25
Joined: 2006/05/13 07:23:58
Contact:

prevent http cgi flood

Postby kylehase » 2008/09/22 09:40:52

I have some perl cgi scripts that are getting hammered. The requests are about 20/second. Most scripts access the database so the server is choking. The attack is not a distributed one but the IP is not static over time.

I thought about using iptables with "-m recent" to limit the requests per second from an IP but I realized that valid page requests typically make multiple requests per second when downloading all the page elements such as images and javascript files.

I also thought about using the above with string matching to search for "cgi-bin" in the URL so only scripts are limited to some number of requests per second and static content would not be limited but string matching is not available in the CentOS4 iptables.

Any suggestions?