Ping a Specific Port

Question

Delmonte

Asked: 2012-08-17 08:57:06 +0800 CST2012-08-17 08:57:06 +0800 CST 2012-08-17 08:57:06 +0800 CST

Blocking IP connections by certain pattern

772

IIS 6.0 with Windows Server 2003. We have bot attack or scanning (low to medium) to our IIS server. Reading IIS logs, we realize that one IP loads our web page in the way shown in the picture: enter image description here

We can block that IP on the firewall, but I'm wondering if it's possible to block on IIS by behaviour or pattern, for example, blocking some IP due it's accessing one web page 4 times in a second, and continuously for 5 hours?

1 Answers

Voted

August · Answer 1 · 2012-08-17T11:01:20+08:00

Best Answer

August

2012-08-17T11:01:20+08:002012-08-17T11:01:20+08:00

IIS can't natively do this, and this function is traditionally handled by an IPS/IDS (actually a Web Application Firewall is more appropriate that inspects Layer 7 traffic and is able to decrypt https traffic), but an ISAPI filter installed in IIS such as WebKnight from AQTRONIX (free/opensource) should be able to do what you ask. It is similar to URLScan from Microsoft, but has more functionality. The following is from the link:

Connection control/monitoring

You can block or monitor traffic coming from certain ip addresses or ranges. You can also monitor access to certain important files or limit the number of requests coming from a single IP address.

2

Blocking IP connections by certain pattern

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?