that would be an idea...its just that the initial connection would still be made and the apache child would still spawn. A colleague of mine suggested writing an Apache module that would drop the connection after 1 or 2 seconds if no GET / POST would be sent in addition to blackinsting the source IP of the originating malformed string. Thus far its pretty anoying defending against this kind of attack.
|