You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by samaneh berenjian <sa...@aut.ac.ir> on 2013/12/29 16:23:42 UTC

[users@httpd] Making delay in apache

hi dear users,
I have installed modsecurity on my apache server. When ever a bad request is logged by modsecurity, i process the logs of modsecurity logfile. Ihave set modsecurity in detection only mode and i want apache to not to response to bad request when i am processing the log of bad request. 
Is anyone aware of some type of apache sleep or delay configuration that will easily allow me to configure this? For example, tell apache to wait  10 seconds before responding to any request.

Re: [users@httpd] Re: Making delay in apache

Posted by samaneh berenjian <sa...@aut.ac.ir>.

hi dear users,
Actually these solutions are not something that i really want. If i block the incoming port for few seconds or make the service unavailable, Maybe a victim user do not try to send her/his request again. Something that i want is whenever a request comes i make a delay something like that the user thinks that  the server is not fast to replies, but not completely refuse the connection and request fr seconds. I mean i want the user request to be in a stable status till i decide in his/her request. How can i implement such a scenario? Another thing is that i use modsecurity as a firewall and there is a filter on modsecurity to use an external script. Do you know how can i write a perl or bash script that with it i can do something like this?One of users write a perl script for such a purpose but i do not exactly if it could be useful or not. the code and its description is here:
In conf.d/perl.conf add this line:
PerlInitHandler MyDelay

Contents of MyDelay.pm are as follows:

package MyDelay;

# This package can be used in conjunction with a
# PerlInitHandler directive to slow down a connection
# based on an ip address

# Example: set in perl.conf
# To slow down a particular request
#<Location /delay_test.html>
#   PerlInitHandler MyDelay
#</Location>
#
# or outside of any Location, File, etc to slow down all requests
#  PerlInitHandler MyDelay

use strict;
use Apache2::RequestRec;
use Apache2::Const;             # for OK
use Apache2::Connection;		# for remote_ip

sub handler
{
    my $r = shift;
    my($c);
    my($ip_addr);

    $c = $r->connection;
    $ip_addr = $c->remote_ip;
    if ($ip_addr eq "my ip address")
    {
       print STDERR ("in MyDelay:handler\n");
       print STDERR ("ip_addr = $ip_addr\n");
       sleep (30);
    }

    return OK;
}

1;

I do not know exactly that it could be a useful perl script for such a purpose. Is anyone aware of usefulness of such script to make apache slow to respond to a request?
I really need your help,Best Regards

On Wed, 01/01/2014 06:40 AM, Jonesy &lt;gmane@jonz.net&gt; wrote:
> On Tue, 31 Dec 2013 23:01:00 +0330, Ali Majdzadeh wrote:
> >
> > Jonesy,
> > Of course, but does this make any difference if you force Apache not to
> > process requests for a specified amount of time?
> 
> If you are going to take a web site offline, you should serve up 
> something besides 404's, or "domain unreachable" -- unless it's 
> just a vanity|hobby web site, I suppose.
> 
>  503 Service Unavailable
>     The server is currently unavailable (because it is overloaded 
>     or down for maintenance).[2] Generally, this is a temporary state. 
> 
> Jonesy
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
>

[users@httpd] Re: Making delay in apache

Posted by Jonesy <gm...@jonz.net>.

On Tue, 31 Dec 2013 23:01:00 +0330, Ali Majdzadeh wrote:
>
> Jonesy,
> Of course, but does this make any difference if you force Apache not to
> process requests for a specified amount of time?

If you are going to take a web site offline, you should serve up 
something besides 404's, or "domain unreachable" -- unless it's 
just a vanity|hobby web site, I suppose.

 503 Service Unavailable
    The server is currently unavailable (because it is overloaded 
    or down for maintenance).[2] Generally, this is a temporary state. 

Jonesy


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Re: Making delay in apache

Posted by Ali Majdzadeh <al...@gmail.com>.

List,
Sorry for my previous post, it contained my signature.

Regards,
Ali




2013/12/31 Ali Majdzadeh <al...@gmail.com>

> Jonesy,
> Of course, but does this make any difference if you force Apache not to
> process requests for a specified amount of time?
>
> Regards,
> Ali
>
> *Ali Majdzadeh Kohbanani*
> *Managing Director*
> *Abshar Data Processing*
>
>
> *Tel:+982188500542*
>
> * Fax: +982188500691*
> *Cell:+989123614728*
>
> *majdzadeh@abshar.biz <ma...@abshar.biz> *
> *http://www.abshar.biz <http://www.abshar.biz>*
>
>
>
> 2013/12/31 Jonesy <gm...@jonz.net>
>
>> On Tue, 31 Dec 2013 22:12:22 +0330, Ali Majdzadeh wrote:
>> >
>> > Samaneh,
>> > Hi
>> > I am not aware or even heard of such a configuration option, but if you
>> > require Apache not to process requests for a specified amount of time,
>> you
>> > can use iptables in order to block traffic coming for port 80 for 10
>> > seconds and release it after the job is done.
>>
>> During which time the Google, Bing and Yahoo spiders will visit
>> and remove your web site(s) from search results.
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>

Re: [users@httpd] Re: Making delay in apache

Posted by Ali Majdzadeh <al...@gmail.com>.

Jonesy,
Of course, but does this make any difference if you force Apache not to
process requests for a specified amount of time?

Regards,
Ali

*Ali Majdzadeh Kohbanani*
*Managing Director*
*Abshar Data Processing*


*Tel:+982188500542*

* Fax: +982188500691*
*Cell:+989123614728*

*majdzadeh@abshar.biz <ma...@abshar.biz>*
*http://www.abshar.biz <http://www.abshar.biz>*



2013/12/31 Jonesy <gm...@jonz.net>

> On Tue, 31 Dec 2013 22:12:22 +0330, Ali Majdzadeh wrote:
> >
> > Samaneh,
> > Hi
> > I am not aware or even heard of such a configuration option, but if you
> > require Apache not to process requests for a specified amount of time,
> you
> > can use iptables in order to block traffic coming for port 80 for 10
> > seconds and release it after the job is done.
>
> During which time the Google, Bing and Yahoo spiders will visit
> and remove your web site(s) from search results.
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

[users@httpd] Re: Making delay in apache

Posted by Jonesy <gm...@jonz.net>.

On Tue, 31 Dec 2013 22:12:22 +0330, Ali Majdzadeh wrote:
>
> Samaneh,
> Hi
> I am not aware or even heard of such a configuration option, but if you
> require Apache not to process requests for a specified amount of time, you
> can use iptables in order to block traffic coming for port 80 for 10
> seconds and release it after the job is done.

During which time the Google, Bing and Yahoo spiders will visit 
and remove your web site(s) from search results.



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Making delay in apache

Posted by Ali Majdzadeh <al...@gmail.com>.

Samaneh,
Hi
I am not aware or even heard of such a configuration option, but if you
require Apache not to process requests for a specified amount of time, you
can use iptables in order to block traffic coming for port 80 for 10
seconds and release it after the job is done.

Warm Regards,
Ali
On Dec 31, 2013 1:49 PM, "samaneh berenjian" <sa...@aut.ac.ir>
wrote:

> hi Ali,
>
> The problem of me is not how to process the modsecurity logs. My problem
> is how to make apache sleep or delay configuration? For example, tell
> apache to wait  10 seconds before responding to any request
>
> On Sun, 12/29/2013 07:20 PM, Ali Majdzadeh &lt;ali.majdzadeh@gmail.com&gt;
> wrote:
>
> Samaneh,
> Hi
> If you intend to develop some sort of a log manager program in order to
> process mod_security logs, it would be better to pipe Apache logs into a
> log manager daemon in order to process them simultaneously. Being the logs
> processed, you would be able to store the results into a database or do
> whatever the program is intended to. I think, the required architecture for
> these sort of problems is similar to what Snort and Barnyard2 have applied.
>
> Regards,
> Ali Majdzadeh Kohbanani
>
>
>
>
> 2013/12/29 samaneh berenjian <sa...@aut.ac.ir>
>
>> hi dear users,
>>
>> I have installed modsecurity on my apache server. When ever a bad request
>> is logged by modsecurity, i process the logs of modsecurity logfile. Ihave
>> set modsecurity in detection only mode and i want apache to not to response
>> to bad request when i am processing the log of bad request.
>>
>> Is anyone aware of some type of apache sleep or delay configuration that will
>> easily allow me to configure this? For example, tell apache to wait  10
>> seconds before responding to any request.
>>
>
> --
> This email was Anti Virus checked by Astaro Security Gateway. http://www.astaro.com
>
>

Re: [users@httpd] Making delay in apache

Posted by Fred Miller <fj...@gmail.com>.

Please take me off this email list. I've already unsubscribed.


On Tue, Dec 31, 2013 at 5:14 AM, samaneh berenjian <sama.scientist@aut.ac.ir
> wrote:

> hi Ali,
>
> The problem of me is not how to process the modsecurity logs. My problem
> is how to make apache sleep or delay configuration? For example, tell
> apache to wait  10 seconds before responding to any request
>
> On Sun, 12/29/2013 07:20 PM, Ali Majdzadeh &lt;ali.majdzadeh@gmail.com&gt;
> wrote:
>
> Samaneh,
> Hi
> If you intend to develop some sort of a log manager program in order to
> process mod_security logs, it would be better to pipe Apache logs into a
> log manager daemon in order to process them simultaneously. Being the logs
> processed, you would be able to store the results into a database or do
> whatever the program is intended to. I think, the required architecture for
> these sort of problems is similar to what Snort and Barnyard2 have applied.
>
> Regards,
> Ali Majdzadeh Kohbanani
>
>
>
>
> 2013/12/29 samaneh berenjian <sa...@aut.ac.ir>
>
>> hi dear users,
>>
>> I have installed modsecurity on my apache server. When ever a bad request
>> is logged by modsecurity, i process the logs of modsecurity logfile. Ihave
>> set modsecurity in detection only mode and i want apache to not to response
>> to bad request when i am processing the log of bad request.
>>
>> Is anyone aware of some type of apache sleep or delay configuration that will
>> easily allow me to configure this? For example, tell apache to wait  10
>> seconds before responding to any request.
>>
>
> --
> This email was Anti Virus checked by Astaro Security Gateway. http://www.astaro.com
>
>

Re: [users@httpd] Making delay in apache

Posted by samaneh berenjian <sa...@aut.ac.ir>.

hi Ali,
The problem of me is not how to process the modsecurity logs. My problem is how to make apache sleep or delay configuration? For example, tell apache to wait  10 seconds before responding to any request

On Sun, 12/29/2013 07:20 PM, Ali Majdzadeh &lt;ali.majdzadeh@gmail.com&gt; wrote:
> Samaneh,
> Hi
> 
If you intend to develop some sort of a log manager program in order to process mod_security logs, it would be better to pipe Apache logs into a log manager daemon in order to process them simultaneously. Being the logs processed, you would be able to store the results into a database or do whatever the program is intended to. I think, the required architecture for these sort of problems is similar to what Snort and Barnyard2 have applied.
> 

> Regards,
> Ali Majdzadeh Kohbanani
> 
> 
> 

> 
> 2013/12/29 samaneh berenjian <sa...@aut.ac.ir>> 
hi dear users,
> I have installed modsecurity on my apache server. When ever a bad request is logged by modsecurity, i process the logs of modsecurity logfile. Ihave set modsecurity in detection only mode and i want apache to not to response to bad request when i am processing the log of bad request. 

> Is anyone aware of some type of apache sleep or delay configuration that will easily allow me to configure this? For example, tell apache to wait  10 seconds before responding to any request. 


-- 
This email was Anti Virus checked by Astaro Security Gateway. http://www.astaro.com

Re: [users@httpd] Making delay in apache

Posted by Ali Majdzadeh <al...@gmail.com>.

Samaneh,
Hi
If you intend to develop some sort of a log manager program in order to
process mod_security logs, it would be better to pipe Apache logs into a
log manager daemon in order to process them simultaneously. Being the logs
processed, you would be able to store the results into a database or do
whatever the program is intended to. I think, the required architecture for
these sort of problems is similar to what Snort and Barnyard2 have applied.

Regards,
Ali Majdzadeh Kohbanani




2013/12/29 samaneh berenjian <sa...@aut.ac.ir>

> hi dear users,
>
> I have installed modsecurity on my apache server. When ever a bad request
> is logged by modsecurity, i process the logs of modsecurity logfile. Ihave
> set modsecurity in detection only mode and i want apache to not to response
> to bad request when i am processing the log of bad request.
>
> Is anyone aware of some type of apache sleep or delay configuration that will
> easily allow me to configure this? For example, tell apache to wait  10
> seconds before responding to any request.
>