Filtering POST data

Events happening in the community are now at Drupal community events on www.drupal.org.
styro's picture
Posted by styro on June 11, 2007 at 5:39am

I'm also getting hit by nareman trying to unsuccessfully log in. I've managed to block 90% of it with mod_rewrite, but the changing bot will make that time consuming to keep up with.

Anyway, is there any way to filter POST data (in Apache - I don't want to invoke Drupal for this). I'm in no position to write an Apache filter, and not keen on installing mod_security for various reasons. Is there any way of getting mod_rewrite to match on POST data?

I'm almost tempted to start looking at IDS style tools that can update my firewall rulesets (ouch).

Comments

POST abuse

Posted by mcurry on June 25, 2007 at 5:35pm
mcurry's picture

I've thought about this approach, too - the repeated posts should be a dead giveaway - consider it a 'probe'.

Where's the BadBehavior module on this? Will it detect and prevent such nonsense?

Michael Curry
Exodus Development | Drupal and other developer info

Michael Curry
Drupal and Windows Tips

PHPIDS

Posted by christefano on July 14, 2007 at 3:37pm
christefano's picture

swentel@drupal.org has contributed a PHPIDS module.

Filtering POST

Posted by eli on September 10, 2007 at 9:59pm
eli's picture

Why the hesitation on installing mod_security? I admit it was tricky to set up at first, but now that I have it running I'm absolutely in love with it. Filtering POST requests is pretty much exactly why it was created (since, AFAIK there's no other way to do it in Apache...)

Combating Spam and Bots

Group organizers

Group categories

Modules

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds: