httpd-users mailing list archives

From "R'twick Niceorgaw" <pub...@utkalika.net>
Subject Re: [users@httpd] how to block hackers ?
Date Tue, 21 Jan 2003 16:48:16 GMT

----- Original Message -----
From: "Gareth Kirwan" <gbjk@thermeoneurope.com>
To: <users@httpd.apache.org>
Sent: Tuesday, January 21, 2003 11:38 AM
Subject: RE: [users@httpd] how to block hackers ?


> Sorry for the top post.
>
> 1) Nobody should have access to your .ht* files.
> A default configuration in your httpd.conf is:
> <Files ~ "^\.ht">
>     Order allow,deny
>     Deny from all
>     Satisfy All
> </Files>
>
> 2) ../../etc/passwd: They shouldn't / can't access documents outside the
> directory structure of the site.
>
> 3) For general blocking just use
> Order allow,deny
> Allow from all
> Deny from x.x.x.x
> [ Though Order might be the other way round, but I'm fairly sure that's
> right ]
>

Thanks Gareth,

My server didn't allow access to .htaccess or any files outside the document
root. So, I think my setup is OK (still learning).
Deny from x.x.x.x requires me to manually edit the file and restart Apache
and is good for just that IP. I'm sure a hacker will change his IP address
next time he attacks. So, what I was looking for is some means so that
Apache will automatically block an IP if it meets certain criteria in the
request string or if there's been a very high volume of requests from one
site in a certain amount of time.

R'twick



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
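
One way to approximate the automatic blocking asked about above, as an added example that is not part of the original message or of Apache itself: a scanner that reads access log lines in Common Log Format and flags client IPs by request pattern or by request rate. The patterns, the threshold, the window, the function names and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import unquote

# Common Log Format prefix: host ident user [time] "request" ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)"')
# Assumed criteria, based on the requests discussed in this thread.
SUSPICIOUS = re.compile(r'\.\./|/\.ht|/etc/passwd', re.IGNORECASE)
MAX_REQUESTS = 5                  # assumed threshold per window
WINDOW = timedelta(seconds=10)    # assumed sliding window

def find_offenders(lines, max_requests=MAX_REQUESTS, window=WINDOW):
    """Return {ip: reason} for clients that match a pattern or exceed the rate."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    offenders = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # skip malformed lines instead of failing
        ip, stamp, request = m.groups()
        try:
            when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue
        if SUSPICIOUS.search(unquote(request)):   # decode %2e%2e first
            offenders.setdefault(ip, "pattern")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:
            q.popleft()
        if len(q) > max_requests:
            offenders.setdefault(ip, "rate")
    return offenders

def deny_directives(offenders):
    """Render one Deny line, as in the quoted advice, per offending IP."""
    return [f"Deny from {ip}" for ip in sorted(offenders)]

# Constructed sample log lines (documentation address ranges).
SAMPLE = (
    ['192.0.2.10 - - [21/Jan/2003:11:00:00 +0000] "GET /../../etc/passwd HTTP/1.0" 404 210']
    + [f'198.51.100.7 - - [21/Jan/2003:11:00:0{s} +0000] "GET /index.html HTTP/1.0" 200 512'
       for s in range(7)]
    + ['203.0.113.5 - - [21/Jan/2003:11:00:01 +0000] "GET /index.html HTTP/1.0" 200 512']
)

if __name__ == "__main__":
    print("\n".join(deny_directives(find_offenders(SAMPLE))))
```

The output is the same kind of Deny line as in the quoted advice, so applying it still means updating the configuration and reloading Apache.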

