[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[users@httpd] Is there a way to intercept all IP accesses in real time?

I would like to write a short real-time PHP program to detect unusual or malicious access patterns to httpd under all OSs for the usual methods, such as GET and POST, the goal being to protect authentication procedures from being repeatedly tested by unauthorized visitors to websites.

My understanding is that Apache generates a pool of worker processes to handle remote accesses to the server, so that accesses are processed efficiently and possibly concurrently if the OS supports process concurrency.

So, I'm afraid if I simply write a PHP function that gets called at the start of displaying the home page of a website, it will intercept only a subset of the remote accesses, which would be insufficient for analyzing access patterns.

Is there a way to have a piece of efficient real-time PHP code stay in memory (for efficiency, so its code and database can be resident in memory) and be called for every remote IP access? Its results (a short, often updated IP blacklist) could be sent to the website through a slower route or could be used right there in the real-time PHP code to block the access.

David Spector
Springtime Software

To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx