Can I make Apache drop a connection when matching a URL?

Posted by PP on Server Fault See other posts from Server Fault or by PP
Published on 2010-03-23T16:15:41Z Indexed on 2010/03/23 16:23 UTC
Read the original article Hit count: 332

Filed under:
|

Using mod_rewrite I can construct a rule to respond with a clean error code (e.g. 404 not found, 410 gone, or 403 unauthorised) when a page is requested that I don't want to serve.

But frequently I get completely erroneous requests from hackers scanning my website for vulnerabilities or possibly cross-site scripting attempts. For these customers I do not want to return a clean error - I'd rather do something else like immediately drop the connection with no response or, alternatively, hold the connection open for a lengthy period of time to frustrate the automated process.

Any ideas how to accomplish this with Apache? I've read that nginx has the ability to immediately terminate a connection when a particular pattern is matched.

© Server Fault or respective owner

Related posts about apache

Related posts about mod-rewrite