Hi, You know those annoying Nimda scans you keep finding in your apache logs???? Anybody know if it's possable to create a custom error document for apache which, when the first address in a normal nimda scan is requested, the originators IP is automatically added to the IPTables DROP table, so subsquent requests from that IP time out. I was thinking about writing a custom page that is returned for that address, containing some perl code to modify the firewall. Any one got any ideas? I'm running Apache 2.0.39 with mod_perl 1.99 kernel 2.4.18 Chris -- Chris *************************************************************************** E Mail Chris@glovercc.clara.co.uk WWW http://www.glovercc.clara.co.uk Someday, we'll look back on this, laugh nervously and change the subject. -Anon