I am administering a few web servers. Each night, random hosts from the Internet are probing them for various vulnerabilities in php, phpadmin, horde, mysqladmin, etc. Is there a way (apache plugin?) to slow down the rate of attack?

For SSH, I have a rate limiting rule on the firewall, which does not allow more than three connections per minute. But I don't want to rate limit all HTTP access, only the access that returns 404s.

Is there such an apache module?


3 Answers


Here is an article about how to set up tarpitting with apache.

  • For bonus points, do you know where I can find a RPM for Centos 5.5? – florin Jun 01 '10 at 20:07
  • I found http://www.jasonlitka.com/media/EL5/i386/ but I get an error Starting httpd: httpd: Syntax error on line 210 of /etc/httpd/conf/httpd.conf: Syntax error on line 3 of /etc/httpd/conf.d/mod_security.conf: Cannot load /etc/httpd/modules/mod_security2.so into server: /etc/httpd/modules/mod_security2.so: undefined symbol: ap_get_server_banner – florin Jun 01 '10 at 20:13

Use apache mod_security.
Sample from .conf:
Include modsecurity.d/modsecurity_crs_35_bad_robots.conf
Include modsecurity.d/modsecurity_crs_40_generic_attacks.conf
Include modsecurity.d/modsecurity_crs_45_trojans.conf
Include modsecurity.d/modsecurity_crs_50_outbound.conf

For ssh, ftp and others, use fail2ban.


mod_memcache_block might be what you need. From the docs:

"mod_memcache_block is an Apache module that allows you to block access to your servers using a block list stored in memcache. It also offers distributed rate limiting based on HTTP response code.

  • Distributed White and Black listing of IPs, ranges, and CIDR blocks
  • Configurable timeouts, memcache server listings
  • Support for continuous hashing using libmemcached’s Ketama
  • Windowed Rate limiting based on Response code (to block brute-force dictionary attacks against .htpasswd, for example)"

Hope this helps.

Marco Ramos
  • This solution is indeed more elegant and scalable than the one proposed by Zoredache, but that one is easier to implement for a small site. I'm sorry I can't mark both as good. – florin Jun 01 '10 at 20:05
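
The windowed rate limiting by response code that the last answer describes, sketched as an added example (not part of the original thread and not mod_memcache_block's code): it reads Apache access log lines and reports which clients exceed a 404 limit inside a sliding window. The function names, the combined log format, the sample log and the limit of three per minute (mirroring the asker's SSH rule) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache common/combined log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:[^"\\]|\\.)*" (\d{3}) ')

def parse_line(line):
    """Return (ip, timestamp, status), or None for a line that does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), ts, int(m.group(3))

def find_offenders(lines, status=404, limit=3, window=timedelta(seconds=60)):
    """Map each IP to the time it first got more than `limit` responses
    with `status` inside a sliding `window`."""
    recent = defaultdict(deque)  # ip -> timestamps of matching responses
    offenders = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None or parsed[2] != status:
            continue
        ip, ts, _ = parsed
        hits = recent[ip]
        hits.append(ts)
        # Drop hits that fell out of the window ending at this request.
        while ts - hits[0] >= window:
            hits.popleft()
        if len(hits) > limit and ip not in offenders:
            offenders[ip] = ts
    return offenders

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE = """\
198.51.100.7 - - [01/Jun/2010:03:10:01 +0000] "GET /phpadmin/ HTTP/1.1" 404 209
192.0.2.5 - - [01/Jun/2010:03:10:02 +0000] "GET /index.html HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jun/2010:03:10:05 +0000] "GET /horde/ HTTP/1.1" 404 206
203.0.113.20 - - [01/Jun/2010:03:10:06 +0000] "GET /old-page.html HTTP/1.1" 404 214
198.51.100.7 - - [01/Jun/2010:03:10:09 +0000] "GET /mysqladmin/ HTTP/1.1" 404 211
198.51.100.7 - - [01/Jun/2010:03:10:12 +0000] "GET /php/ HTTP/1.1" 404 204
203.0.113.20 - - [01/Jun/2010:03:12:30 +0000] "GET /missing.css HTTP/1.1" 404 212
203.0.113.20 - - [01/Jun/2010:03:14:45 +0000] "GET /gone.js HTTP/1.1" 404 208
203.0.113.20 - - [01/Jun/2010:03:17:00 +0000] "GET /stale.png HTTP/1.1" 404 210
"""
```

Only the client that produced four 404s within a minute is reported; the one with four 404s spread over several minutes stays under the limit, which is the distinction a blanket HTTP rate limit cannot make.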