Annoyed that mod_security isn't going to be included in Debians Etch release I started work on my own replacement.
The way I use mod_referer is three-fold:
- Block particular referers
- Block particular user-agents
- Block accesses to particular URIs
Knowing that naming software is the hardest part I just looked for words beginning with mod - so please see mod_ifier!
Building:
apt-get install apache2-dev cd mod_ifier/src make make install
Using:
LoadModule mod_ifier_module /usr/lib/apache2/modules/mod_ifier.so DropAgent lynx DropAgent links DropAgent wget DropReferer gambling-sites.com DropReferer sex.com
TODO:
- Allow logging / command executation (firewall dropping.)
- Allow to match on patterns in URIs (the third usage I use, eg /cgi-bin/formmail.cgi)
Comments welcome… especially since I'm only just getting to grips with the Apache 2.x API…
No tags No comments