An apache2 module which allows you to filter each incoming HTTP request to your webserver - allowing you to drop Referer-spam, exploit attempts, and more.
|Please note: I have recently taken over maintanance of this module in order to add hashdos protection. This is a holding page until a more complete version is ready.|
Version 0.9-beta2: hashdos protection
This update is intended to provide apache administrators with a way to limit the number of hashable items in a request. It should therefore provide some protection against hash collision DOS attacks. It is not a "proper" solution - that can only be applied in the programming languages with the vulnerability - but for admins who do not have direct control over the web applications they host it should limit the severity of attacks by rejecting requests with a very large number of (for example) CGI parameters.
More details on the vulnerability: http://cryptanalysis.eu/blog/2011/12/28/effective-dos-attacks-against-web-application-plattforms-hashdos/
Use the new config parameters DropParamLimit, DropHeaderLimit and DropCookieLimit to set the appropriate limits, eg.:
This version can be dowloaded here: mod-ifier-0.9beta2.tar.gz
I am keen to hear from people using this beta, please send me an email: email@example.com with any problems.
This is a slightly updated version with no new functionality but with some deprecated code brought up to date so that it compiles with more recent versions of apache. It's available here: modifier-0.8a.tar.gz.
This is the original version by Steve Kemp, unmodified. It is still available at the original location here: modifier-0.8.tar.gz or you can download a copy stored locally. The original site is still available and contains some documentation.