httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anders Widman <ande...@tnonline.net>
Subject Re[4]: Blocking requests..
Date Thu, 22 Aug 2002 14:25:39 GMT
> Deny From will give a 403 Forbidden.

Not really what I want....


> Another option, albiet a more complicated one, is to use ipchains/iptables
> and add a rule to just drop TCP packets from a specific IP address to your
> webserver.

Sounds like a better idea :). Now I only need to figure out such a
script.... Any ideas there?

> You can have a script that sits there and watches the logfile, matching
> those requests.  Once it finds some, it tells ipchains/tables to deny or
> drop all TCP requests from the blacklisted IP addr.  If you want to get
> really fancy, you can make it modify the ipchains/tables conf so that when
> you restart the server, it will remember who is blacklisted.

> That will stop all TCP traffic from those IP addresses from ever reaching
> your webservers.  If you tell it to drop the packets, it also prevents them
> from even knowing your website exists, since to them, there is no route to
> the host.

> Could be frustrating if they are real users trying to get into your website.

> -Jacob
> http://www.listingbook.com
> ----- Original Message -----
> From: "Anders Widman" <andewid@tnonline.net>
> To: "Julian Grunnell" <users@httpd.apache.org>
> Sent: Thursday, August 22, 2002 10:07 AM
> Subject: Re[2]: Blocking requests..


>> So, if I use "deny from all", what happens then? Will Apache silently
>> drop the request, or respond to the client?
>>
>> - Anders
>>
>> > Use deny from?
>>
>> > -----Original Message-----
>> > From: Anders Widman [mailto:andewid@tnonline.net]
>> > Sent: 22 August 2002 14:46
>> > To: users@httpd.apache.org
>> > Subject: Blocking requests..
>>
>>
>>
>> >    Hello...
>>
>> >    Is there any way I can block (drop) all requests from an IP if a
>> >    request match a specific URL?
>>
>> >    There are some sorts of viruses running around here and they eat up
>> >    my bandwidth and resources by requesting URLs like these:
>>
>> >    /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0
>> >    /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1
>> >    ...
>>
>> >    I want Apache to drop and not respond to these requests, and
>> >    perhaps all requests from that IP. Is that possible?
>>
>> >    Thanks,
>> >    Anders
>>
>>
>> > ---------------------------------------------------------------------
>> > The official User-To-User support forum of the Apache HTTP Server
>> > Project.
>> > See <URL:http://httpd.apache.org/userslist.html> for more info.
>> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> > For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>> > ---------------------------------------------------------------------
>> > The official User-To-User support forum of the Apache HTTP Server
> Project.
>> > See <URL:http://httpd.apache.org/userslist.html> for more info.
>> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> > For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>


> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message