Yes I aggree, I want to offer that as well, an option to use the script to deny. I just think.. I want to use as much as possible of existing technology an not re-invent the wheel.
Apache has a deny ip rule- which really blocks the client at the base. Using that, even if cgi were to stop working, the client could still not access via http. It is a self-protect mechanism.
Think of the module as being a buttler who answers the door. You knock on the house, door opens, and buttler appears and says "whatup?!" - If we simply use the buttler, he may say "sorry, no.. you can't come in. We don't like you." .. So maybe you come back with a shotgun..
But if we let the buttler do more.. Maybe he rigged the house to know who you are.. When you knock .. The door won't even open, you won't even see the buttler, much less the house.
There is a slight difference here- maybe.. I am actually foreseeing cracking attempts on these machines. They *will* happen, the attempts. And they are not going to be using a browser to punch in data.
If I do what you did.. I could program a dictionary attack - perhaps.. that will still work. Since after 10 seconds, the whole thing is forgiven?
Anyhow, my concern is that I know this software will undergo attacks.
In reply to Re^2: A module to deny ip on multiple sketchy http requests, yes, no?
by leocharre
in thread A module to deny ip on multiple sketchy http requests, yes, no?
by leocharre
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |