Hi All,
I'm looking for an application to do a specific function, to save me rolling my own. First off, here's the background:
We currently run a web server application that's provided by a third party. There's a few instances of this app running on a server, each running on a different port (obviously). Now, in the logs for one of these instances we're seeing a lot of 'script kiddy' type attacks, requesting '/phpmyadmin/setup/setup.php' and so on. I'm not particularly worried about these attacks, however I'd like to do something proactive about them.
Here's what I'd like:
Something to sit in between the web server and the outside world, that checks incoming requests and, should they be 'suspicious' (ie: blacklisted useragents, blacklisted urls) drop the request and add the ip address to a blacklist. If the request is valid then forward the request to the web server and return the response.
Now, I know there's plugins / modules for IIS, Apache et al that will do this for those servers, however I need something that runs seperately and can protect any server sat behind it.
Is there anything like this out there?
Posts
http://httpd.apache.org/docs/2.0/mod/mod_proxy.html
I've set up something similar before, using an Apache proxy to protect/filter access to certain web apps.