httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "R'twick Niceorgaw" <>
Subject Re: [users@httpd] how to block hackers ?
Date Tue, 21 Jan 2003 16:48:16 GMT

----- Original Message -----
From: "Gareth Kirwan" <>
To: <>
Sent: Tuesday, January 21, 2003 11:38 AM
Subject: RE: [users@httpd] how to block hackers ?

> Sorry for the top post.
> 1) Nobody should have access to your .ht* files.
> A default configuration in your httpd.conf is:
> <Files ~ "^\.ht">
>     Order allow,deny
>     Deny from all
>     Satisfy All
> </Files>
> 2) ../../etc/passwd: They shouldn't / can't access documents outside the
> directory structure of the site.
> 3) For general blocking just use
> Order allow, deny
> Allow from all
> Deny from x.x.x.x
> [ Though Order might be the other way round, but I'm fairly sure that's
> right ]

Thanks Gareth,

my server didn't allow acess to .htaccess or any files outside the document
root. So, I think my setup is ok ( still learning).
Deny from x.x.x.x requires me to manualy edit the file and restart apache
and is good for just that ip. I'm sure a hacker will change his ip address
next time he attacks. So, what I was looking for is some means so that
apache will automatically block an IP if it meets certain criteria in the
request string or if there's been a very high volume of request form one
site in certain amount of time.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message