IIS – Block IP address dynamically in IIS based on spam attacks


We've got a script kiddie plugging away at one of our websites, and while they don't seem to be causing any problems, they're flooding the logs and generally being irritating. I'm wondering if there are any modules or config settings that could help restrict.

They basically throw in a few thousand HTTP GET requests to a particular page on our checkout, alternately on port 80 and port 443 (no idea if they're responding to the redirect for the protocol at that point). They never seem to POST anything.

The attacker requests a single page about 5-10 times per second from the same IP address. If I notice and block the IP in IIS manually, a few days later they'll try again from a different IP. The attacks only last a few minutes, tend to be separated by a few hours, and also tend to be worst at weekends.

Anyway – my request, is there a way of configuring IIS, or a module or something I could install, that will add an IP address to the block list if it throws in too many requests in a short space of time?

Best Answer

There is nothing in IIS 6, but we do have Dynamic IP Restrictions in IIS 7 which is still in beta. Also read Using Dynamic IP Restrictions.
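For servers without such a module, the pattern described in the question (one address requesting one page many times per second) can be found in the IIS logs after the fact. The following is an added example, not part of the original question or answer: it assumes W3C extended logs that include the `date`, `time`, `c-ip` and `cs-uri-stem` fields, and the sample lines, addresses and thresholds are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def build_sample():
    """Constructed IIS W3C extended log lines (not real traffic)."""
    lines = ["#Software: Microsoft Internet Information Services 7.0",
             "#Fields: date time cs-method cs-uri-stem s-port c-ip sc-status"]
    for i in range(40):  # 8 GETs per second for 5 seconds, alternating ports
        port, status = (80, 302) if i % 2 == 0 else (443, 200)
        lines.append(f"2024-01-06 10:00:{i // 8:02d} GET /checkout/pay.aspx "
                     f"{port} 203.0.113.7 {status}")
    # An ordinary visitor browsing at human speed.
    lines += ["2024-01-06 10:00:01 GET /default.aspx 80 198.51.100.20 200",
              "2024-01-06 10:00:30 GET /checkout/pay.aspx 443 198.51.100.20 200",
              "2024-01-06 10:01:10 POST /checkout/pay.aspx 443 198.51.100.20 200"]
    return lines

def find_flooders(lines, max_requests=20, window_seconds=5):
    """Return {(client_ip, uri): peak_count} for clients that sent more than
    max_requests requests for one URI within any window_seconds span."""
    fields, recent, peaks = [], defaultdict(deque), {}
    window = timedelta(seconds=window_seconds)
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):   # column order is declared per log file
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split()
        if len(values) != len(fields):    # truncated or malformed entry
            continue
        row = dict(zip(fields, values))
        try:
            ts = datetime.strptime(f"{row['date']} {row['time']}", "%Y-%m-%d %H:%M:%S")
            key = (row["c-ip"], row["cs-uri-stem"].lower())
        except (KeyError, ValueError):    # needed fields not logged, or bad timestamp
            continue
        seen = recent[key]
        seen.append(ts)
        while ts - seen[0] >= window:     # drop hits that fell out of the window
            seen.popleft()
        if len(seen) > max_requests:
            peaks[key] = max(peaks.get(key, 0), len(seen))
    return peaks

if __name__ == "__main__":
    for (ip, uri), count in find_flooders(build_sample()).items():
        print(f"{ip} sent {count} requests for {uri} within 5 seconds")
```

The result is a list of candidate addresses for the IIS block list; requests on port 80 and port 443 are counted together because the key is the client address and URI only.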
