I need help finding a system that can spot dangerous web requests like SQL injection attempts and automatically block those IP addresses. I know our application code should handle these attacks properly, but having an extra layer of protection would be really useful. It would help reduce server load and keep our logs cleaner.
I’m hoping to find something that works with both Apache/PHP and IIS/.NET environments. Maybe something that runs at the firewall level or through the web server itself?
What solutions have you used for this kind of automatic threat detection and IP blocking? I’d love to hear about different approaches and tools that actually work in production.
Cloudflare WAF is perfect for this. It sits in front of your servers and handles threat detection automatically with custom blocking rules. Works great with Apache/PHP and IIS/.NET since it’s DNS-level.
For on-premise, I love Fail2Ban with custom log parsing. It watches your web server logs live and updates iptables to block sketchy IPs automatically. Takes some setup but catches attack patterns really well.
You could also run NGINX as a reverse proxy with rate limiting, even behind Apache or IIS. Adds another filter layer that stops bad requests before they hit your app servers.
have you looked into using mod_security with apache? it’s pretty effective at filtering out bad requests. also, curious—what specific threats have you noticed recently? are there certain patterns that seem to repeat?
pfSense + pfBlockerNG is perfect for this. I’ve been running it for 2 years - it automatically pulls threat intel feeds and blocks bad IPs before they hit your web servers. You can also set up custom geo-blocking rules if you need them.