Aenn Seidhe Priest wrote:
Hello, a webserver is under attack. What's required is some kind of filtering software and a firewall that could do the following: pass only valid HTTP GET requests and block all other HTTP methods (PUT, OPTIONS, CONNECT, etc.), possibly validate HTTP GET requests by matching to local paths; optionally disable HTTP 1.1 requests; block excessively long URLs; have an extensions whitelist/blacklist;
I can't really help you with something that will do this automatically (although from what I've heard fail2ban might help).
The quickest way to nip a DOS in the butt is check your logs and netstat -ntap for the offending IP and do:
iptables -A INPUT -s <SOURCE_IP> -j DROPWith a DDOS this becomes more difficult, but usually the average DDOSer have only so many zombies, and eventually you'll block them all.