
I can't figure this out.

I'm trying to create an Apache configuration applicable to all domains hosted on the same box so that if a request to any URL returns an error code to the client (like 4xx or 5xx), a "Connection: close" header (keep-alive disabled) is also set in the HTTP response headers sent to the client, whereas all the good requests will have keep-alive enabled.

I ask this because I think hackers are trying to tie up connections to my server by deliberately requesting URLs that return errors (particularly the 404 Not Found error), and I want to make it so that Apache literally closes the connection on errors.

And why "Connection: close" specifically? Because Cloudflare includes that header when it issues the 403 Not Authorized page when one accesses the homepage of a different site (because that site wants to perform human verification first).

Is there any way I can do this with just Apache, or would I have to somehow write an Apache module (if that's even possible) to achieve this?

1 Answer

From my understanding, you want to add a particular header depending on the response status sent to the client.

While you can't do that directly with an IF statement (per the documentation), here's a workaround that accomplishes what you ask:

Header always set name-of-header "header value" "expr=%{REQUEST_STATUS} == request-status"

For example, let's say you want to add a "Connection: close" header for 404 error codes:

Header always set Connection "close" "expr=%{REQUEST_STATUS} == 404"

A few things to consider:

  • Using Connection and Keep-Alive headers is prohibited in HTTP/2 and HTTP/3. Plus, the likelihood of slowing the attackers down by using these headers is very low.
  • It seems like you should try other techniques. Since you say you are already using Cloudflare, try to identify patterns that you can block at the WAF level.
  • You can also use the Cloudflare API and their firewall to block malicious users in real time (this requires programming knowledge).
  • You could enable Fail2Ban on your server to monitor and block the intrusions.
  • Other things to consider are rate-limiting connections and/or putting a load balancer in front of the server.
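
As an added example (this is not part of the original answer), the same mod_headers rule generalised from a single status code to every 4xx and 5xx response, which is what the question actually asked for. It is meant for the main server config (e.g. httpd.conf or a conf.d snippet) rather than a single VirtualHost or .htaccess, so that it applies to every domain on the box. The keep-alive values shown are Apache's documented defaults, stated explicitly only to make the contrast with the error case visible; the expr= form of Header needs a 2.4 release recent enough to support it.

```apache
# Added example, not the original answer's configuration.
#
# "always" matters: error responses (404, 500, ...) are assembled from the
# "always" header table, so a plain "Header set" would never fire on them.
#
# "-ge" is ap_expr's integer comparison. "==" is a string comparison, which
# is why the answer's "== 404" matches one exact code but cannot express a
# range; "-ge 400" covers every 4xx and 5xx status in one rule.
Header always set Connection "close" "expr=%{REQUEST_STATUS} -ge 400"

# Successful responses are left alone and keep persistent connections.
# These are the defaults; a short idle timeout limits how long a client
# that opens a connection and then goes quiet can hold a slot.
KeepAlive On
KeepAliveTimeout 5
MaxKeepAliveRequests 100

# Caveat carried over from the answer above: HTTP/2 (mod_http2) ignores
# connection-specific headers, so this rule only affects HTTP/1.x clients.
```

After reloading Apache, check both that the header appears and that the connection really is torn down: `curl -sv http://localhost/no-such-page -o /dev/null 2>&1 | grep -i connection` should print the `Connection: close` response header followed by curl's "Closing connection" line, whereas the same command against an existing page should end with "Connection #0 to host localhost left intact".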
