httpd-users mailing list archives

From Brian Dessent <br...@dessent.net>
Subject Re: [users@httpd] blocking one address
Date Fri, 29 Aug 2003 01:16:22 GMT
mgarriss wrote:
> 
> How can I block requests from a certain ip in Apache?  There is some
> virus (I think) bombarding me with requests for many different things.
> Some examples (cut times to avoid wrapping, but this group was all
> within about 2 secs):

I can understand the sentiment but I think you're going to find yourself
playing whack-a-mole by trying to deny anyone that sends you a
Nimda/Code Red probe.  Even if you use the "Deny from <addr>" keyword in
httpd.conf or .htaccess, you'll still send a "403 Forbidden" error page
that's essentially the exact same thing as the "404 Not Found" or "400
Bad Request" page that you're sending now.  It's really not hurting
anything, so I would just ignore it.  

The only way to really make it go away is to add those addresses one by
one to your firewall deny rules, but it's a game of futility... you
would have to constantly watch your log files and note the IP addresses
and add them each to the firewall after they've probed you... I could hardly
imagine them accounting for any significant percentage of bandwidth or
CPU usage, unless you're running a site on an ISDN line or something.

Brian

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
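
To check the bandwidth claim in the reply above against an access log, the following added example (not part of the original message) counts Nimda/Code Red style probes per client address and reports their share of requests and of bytes sent. The log lines are constructed samples in Common Log Format, and the three probe file names are an assumed, non-exhaustive signature list.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache Common Log Format (documentation address ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [29/Aug/2003:01:10:01 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
192.0.2.10 - - [29/Aug/2003:01:10:01 +0000] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274
192.0.2.10 - - [29/Aug/2003:01:10:02 +0000] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
198.51.100.7 - - [29/Aug/2003:01:11:15 +0000] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 272
203.0.113.5 - - [29/Aug/2003:01:12:00 +0000] "GET /index.html HTTP/1.1" 200 48211
203.0.113.5 - - [29/Aug/2003:01:12:01 +0000] "GET /images/logo.png HTTP/1.1" 200 15320
203.0.113.9 - - [29/Aug/2003:01:12:30 +0000] "GET /docs/manual.pdf HTTP/1.1" 200 912044
"""

# host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) (\d+|-)$')
# Assumed signature list: file names requested by Nimda / Code Red scans of IIS.
PROBE = re.compile(r'(?:cmd\.exe|root\.exe|default\.ida)', re.IGNORECASE)

def summarize(log_text):
    """Return (per-IP probe counts, probe share of requests, probe share of bytes)."""
    probes = defaultdict(int)
    total_req = probe_req = total_bytes = probe_bytes = 0
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not well-formed CLF
        ip, request, _status, size = m.groups()
        nbytes = 0 if size == "-" else int(size)  # "-" means no body was sent
        total_req += 1
        total_bytes += nbytes
        if PROBE.search(request):
            probes[ip] += 1
            probe_req += 1
            probe_bytes += nbytes
    req_share = probe_req / total_req if total_req else 0.0
    byte_share = probe_bytes / total_bytes if total_bytes else 0.0
    return dict(probes), req_share, byte_share

if __name__ == "__main__":
    counts, req_share, byte_share = summarize(SAMPLE_LOG)
    for ip, n in sorted(counts.items(), key=lambda kv: -kv[1]):
        print(f"{ip:15} {n} probe requests")
    print(f"probes: {req_share:.1%} of requests, {byte_share:.2%} of bytes sent")
```

On the constructed sample the probes are more than half of the requests but about a tenth of a percent of the bytes sent, since each one gets only a short error page.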

