Can I block a specific incomming http request

We are recieving a ddos attack for one of our domains on a specific file. If I do an apache status I see these requests:

0.0 0.00 0.03 209.105.192.159 www.dxfonline.com GET /webadm/web.php HTTP/1.1
110-0 - 0/0/38 . 0.00 198 0 0.0 0.00 0.01 217.195.69.154 www.dxfonline.com GET /webadm/web.php HTTP/1.0
111-0 - 0/0/34 . 0.01 249 0 0.0 0.00 0.01 64.163.127.59 www.dxfonline.com GET /webadm/web.php HTTP/1.1
112-0 - 0/0/37 . 0.00 234 0 0.0 0.00 0.02 80.178.6.147 www.dxfonline.com GET /webadm/web.php HTTP/1.1
113-0 - 0/0/31 . 0.00 246 1 0.0 0.00 0.01 68.209.4.185 www.dxfonline.com GET /webadm/web.php HTTP/1.1
114-0 - 0/0/35 . 0.01 167 0 0.0 0.00 0.01 65.80.232.141 www.dxfonline.com GET /webadm/web.php HTTP/1.1
115-0 - 0/0/34 . 0.02 165 0 0.0 0.00 0.02 68.154.12.34 www.dxfonline.com GET /webadm/web.php HTTP/1.1
116-0 - 0/0/32 . 0.00 166 0 0.0 0.00 0.01 216.177.12.148 www.dxfonline.com GET /webadm/web.php HTTP/1.1
117-0 - 0/0/30 . 0.01 164 0 0.0 0.00 0.01 24.22.84.80 www.dxfonline.com GET /webadm/web.php HTTP/1.1

I believe they are spoofing the IP address's becuase they are all different (thousands of them).


But since they are all trying to "GET" the same file, is there anywhere that I could define and block that one incomming "GET" request.

I've already chmod 000 and chattr +i the file, so they can't actually get to the file, but we still see all of these incomming requests tying up apache.

 

I'm not sure if that would help here as every request comes from a different IP addrses. Per the mod_doevasive description:

Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address from any of the following:

* Requesting the same page more than a few times per second
* Making more than 50 concurrent requests on the same child per second
* Making any requests while temporarily blacklisted (on a blocking list)



I think that would only help if the were using one IP or just a small list of IP's.

What I am wondering is if there is a way in apf or iptables, or something simliar where I can block and incomming request via a specific string such as "/webadm/web.php"

 

As I suspected, I installed the mod_dosevasive and it has no affect on this kind of attack.

Does anyone else have any ideas?

 

Thanks for the info. I read through that whole page and couldn't really figure out if any of them could help me out in this case. I don't want anyone to have to spend too much time on this, but if you have experience with the mod_rewrite can you give me an example of how I can block anyone from viewing a specific page.

What I am really trying to do is block the entire http request so it doesn't fill apache up with a ton of requests like it is doing now...

I chmod'd the files to 000 so if you try to access them it gives you a forbidden page. This keeps my serverload fairly low, but still causes apache to fill up with http requests.