httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jacob Coby" <jc...@listingbook.com>
Subject Re: Re[2]: Blocking requests..
Date Thu, 22 Aug 2002 14:21:26 GMT
Deny From will give a 403 Forbidden.

Another option, albiet a more complicated one, is to use ipchains/iptables
and add a rule to just drop TCP packets from a specific IP address to your
webserver.

You can have a script that sits there and watches the logfile, matching
those requests.  Once it finds some, it tells ipchains/tables to deny or
drop all TCP requests from the blacklisted IP addr.  If you want to get
really fancy, you can make it modify the ipchains/tables conf so that when
you restart the server, it will remember who is blacklisted.

That will stop all TCP traffic from those IP addresses from ever reaching
your webservers.  If you tell it to drop the packets, it also prevents them
from even knowing your website exists, since to them, there is no route to
the host.

Could be frustrating if they are real users trying to get into your website.

-Jacob
http://www.listingbook.com
----- Original Message -----
From: "Anders Widman" <andewid@tnonline.net>
To: "Julian Grunnell" <users@httpd.apache.org>
Sent: Thursday, August 22, 2002 10:07 AM
Subject: Re[2]: Blocking requests..


> So, if I use "deny from all", what happens then? Will Apache silently
> drop the request, or respond to the client?
>
> - Anders
>
> > Use deny from?
>
> > -----Original Message-----
> > From: Anders Widman [mailto:andewid@tnonline.net]
> > Sent: 22 August 2002 14:46
> > To: users@httpd.apache.org
> > Subject: Blocking requests..
>
>
>
> >    Hello...
>
> >    Is there any way I can block (drop) all requests from an IP if a
> >    request match a specific URL?
>
> >    There are some sorts of viruses running around here and they eat up
> >    my bandwidth and resources by requesting URLs like these:
>
> >    /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0
> >    /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1
> >    ...
>
> >    I want Apache to drop and not respond to these requests, and
> >    perhaps all requests from that IP. Is that possible?
>
> >    Thanks,
> >    Anders
>
>
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server
> > Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
>
>
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server
Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message