BanOnFlooding

Rainer
19 September 2011, 10:03
Hi,
I use this webserver for a very small (mostly private) service.
Because of some bots/scanners out there I want to set up BanOnFlooding, but it won't work like I want.

I set: BanOnFlooding = 15/10:60

So, to my understanding: if I try to connect more than 15 times in 10 seconds, the server will ban me for 60 secs. Unfortunately this doesn't work, because it bans me immediately after the 2nd connection attempt. Here is the log:

ACCESS.LOG
192.168.1.98|Mon 19 Sep 2011 09:50:43 +0000|301|606||GET /cam HTTP/1.1
192.168.1.98|Mon 19 Sep 2011 09:50:43 +0000|200|5705||GET /cam/ HTTP/1.1
192.168.1.98|Mon 19 Sep 2011 09:52:42 +0000|200|8209||GET /cam/02/ HTTP/1.1

SYSTEM.LOG
192.168.1.98|Mon 19 Sep 2011 09:50:43 +0000|Client banned because of flooding
192.168.1.98|Mon 19 Sep 2011 09:51:53 +0000|Unbanned (1 connect attempts during ban)

More weird: This behaviour is only at the initial call of the page. If I wait the ban time I can open the page and browse. Then the flooding works correctly with those 15 calls (e.g. if I hold down F5 on a picture).

Is it a bug, a misconfiguration, or even a wrong understanding of flooding by me?

Hiawatha version: Hiawatha v7.6
Operating System: WinXP SP3

greetings rainer

Hugo Leisink
19 September 2011, 19:05
It looks like a bug. Weird, this used to work and I haven't changed any of its code. Looks like over time it somehow got broken.

Please, change line 1403 in hiawatha.c to
if ((session->kept_alive > 0) && (session->config->ban_on_flooding > 0)) {

and let me know if this solves your problem.

Rainer
24 September 2011, 10:44
Sorry that I didn't try out your solution yet. I just don't have any idea of compiling programs. At least I found your code and changed the line.
I thought I will try out how to compile with cygwin and I'll let you know when I did it.
This topic has been closed.
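
An added example, not part of the thread and not Hiawatha's own code: a check that cross-references the access and system logs quoted in the first post against the `BanOnFlooding = 15/10:60` setting and reports bans issued while the logged hit count was still within the limit. It assumes the first poster's reading of the setting (more than 15 hits in 10 seconds triggers the ban) and counts logged requests, which only approximates connection attempts; all function names are hypothetical.

```python
from datetime import datetime, timedelta

TS_FORMAT = "%a %d %b %Y %H:%M:%S %z"  # timestamp layout seen in the quoted logs

SETTING = "15/10:60"
# Log lines copied from the first post of the thread.
ACCESS_LOG = [
    "192.168.1.98|Mon 19 Sep 2011 09:50:43 +0000|301|606||GET /cam HTTP/1.1",
    "192.168.1.98|Mon 19 Sep 2011 09:50:43 +0000|200|5705||GET /cam/ HTTP/1.1",
    "192.168.1.98|Mon 19 Sep 2011 09:52:42 +0000|200|8209||GET /cam/02/ HTTP/1.1",
]
SYSTEM_LOG = [
    "192.168.1.98|Mon 19 Sep 2011 09:50:43 +0000|Client banned because of flooding",
    "192.168.1.98|Mon 19 Sep 2011 09:51:53 +0000|Unbanned (1 connect attempts during ban)",
]

def parse_ban_setting(value):
    """Split '15/10:60' into (max_hits, window_seconds, ban_seconds)."""
    rate, ban = value.split(":")
    hits, window = rate.split("/")
    return int(hits), int(window), int(ban)

def parse_line(line):
    """Return (ip, timestamp, remainder) from an 'ip|timestamp|...' log line."""
    ip, stamp, rest = line.split("|", 2)
    return ip, datetime.strptime(stamp, TS_FORMAT), rest

def unjustified_bans(setting, access_lines, system_lines):
    """List (ip, ban_time, hits) for bans issued without exceeding the limit."""
    max_hits, window, _ban = parse_ban_setting(setting)
    requests = [parse_line(l)[:2] for l in access_lines if l.strip()]
    findings = []
    for line in system_lines:
        if not line.strip():
            continue
        ip, banned_at, message = parse_line(line)
        if "banned because of flooding" not in message:
            continue  # skip unban and other system events
        start = banned_at - timedelta(seconds=window)
        # Assumption: hits are counted in the window ending at the ban time.
        hits = sum(1 for rip, ts in requests
                   if rip == ip and start < ts <= banned_at)
        if hits <= max_hits:
            findings.append((ip, banned_at.isoformat(), hits))
    return findings

if __name__ == "__main__":
    for ip, when, hits in unjustified_bans(SETTING, ACCESS_LOG, SYSTEM_LOG):
        print(f"{ip} banned at {when} after only {hits} logged hit(s)")
```

Run against the quoted logs, it flags the 09:50:43 ban, which was issued after two logged requests.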