You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Luis Croker <lc...@megacable.com.mx> on 2009/04/23 00:57:09 UTC

[users@httpd] Invalid Requests.

   Hi all... 

   I hope any can give me a suggestion about how to block this kind of
request in my apache web server... 

[Wed Apr 22 15:22:32 2009] [error] [client 10.10.10.10] Invalid URI in
request GET  HTTP/1.1

   I have a lot of these requests  per second,  from the same IP, I
think this is a kind of virus or malware trying  to contact the server.
After a few minutes the IP change and start the same behavior. 
I compiled and installed mod_evasive module which worked fine but it
doesnt block the IPs doing the request, cause in the request  there is
not   a specfic object or page, so the mod_evasive can no detect and
block the ips. 
Im thinking create a script that read the log file and insert a rule in
the firewall to block this requests, but I wanna ask here before, maybe
somebody have had the same problem before. 

Any suggestion ?

Thanks.