httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rich Schumacher" <rich.s...@gmail.com>
Subject Re: [users@httpd] How to prevent apache proxy abuse?
Date Fri, 18 Jul 2008 21:13:42 GMT
You could use mod_rewrite/.htaccess to block these hosts.  If you have
access, however, I'd suggest adding them to the DocumentRoot in your
httpd.conf.  This is especially helpful if you are serving multiple sites
from a single server using vhosts.  Adding them to the httpd.conf will allow
you to block access across the board to all sites that fall under the
DocumentRoot.

In httpd.conf, using the hosts from your log:
<Directory "/your/document/root">
    Order allow,deny
    Allow from all
    Deny from fcmat.org
    Deny from 204.184.43.252
</Directory>

Hope that helps.

Rich

On Fri, Jul 18, 2008 at 1:21 PM, Ali Nebi <anebi@iguanait.com> wrote:

> Thanks for the reply.
>
> I use shorewall firewall. I will try to configure it to drop these hosts.
> Is there some way to deny these accesses with rewriterule?
>
> If yes how it should looks like?
>
>
> Quoting Rich Schumacher <rich.schu@gmail.com>:
>
>  If you are seeing nothing but abuse from these hosts your best bet would
>> be
>> to block these at the router/firewall level.  If you don't have access to
>> that, use iptables on the web server to silenty drop any connections from
>> them.
>>
>> On Fri, Jul 18, 2008 at 12:08 PM, Ali Nebi <anebi@iguanait.com> wrote:
>>
>>  Hi,
>>>
>>> i would like to ak how can i block these attempts?
>>>
>>> fcmat_ex.nw1.fcmat.org - - [18/Jul/2008:09:51:30 -0500] "POST
>>> http://lti-mail01.ltinetworks.com:25/ HTTP/1.0" 302 313 "-" "-"
>>> fcmat_ex.nw1.fcmat.org - - [18/Jul/2008:09:51:30 -0500] "GET
>>> http://www.microsoft.com/ HTTP/1.0" 302 304 "-" "Mozilla/4.0
>>> (compatible;
>>> MSIE 6.0; Windows NT 5
>>> .1; SV1; .NET CLR 1.1.4322)"
>>> fcmat_ex.nw1.fcmat.org - - [18/Jul/2008:09:51:32 -0500] "CONNECT
>>> http://lti-mail01.ltinetworks.com:25 HTTP/1.0" 400 319 "-" "-"
>>> 204.184.43.252 - - [18/Jul/2008:13:05:41 -0500] "GET
>>> http://www.microsoft.com/ HTTP/1.0" 302 304 "-" "Mozilla/4.0
>>> (compatible;
>>> MSIE 6.0; Windows NT 5.1; SV1;
>>>  .NET CLR 1.1.4322)"
>>> 204.184.43.252 - - [18/Jul/2008:13:05:41 -0500] "POST
>>> http://lti-mail01.ltinetworks.com:25/ HTTP/1.0" 302 313 "-" "-"
>>> 204.184.43.252 - - [18/Jul/2008:13:05:43 -0500] "CONNECT
>>> http://lti-mail01.ltinetworks.com:25 HTTP/1.0" 400 319 "-" "-"
>>>
>>>
>>> I don't use proxy and it is disabled, but i still get these connections
>>> in
>>> access_log. After this, this server is blacklisted from XBL and CBL list
>>> like spammer.
>>>
>>> Please help me to solve this problem. What can i do to block and to
>>> prevent
>>> this kind of accesses?
>>>
>>> Thanks in advanced!
>>>
>>> ----------------------------------------------------------------
>>> This message was sent using IMP, the Internet Messaging Program.
>>>
>>>
>>> ---------------------------------------------------------------------
>>> The official User-To-User support forum of the Apache HTTP Server
>>> Project.
>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>  "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>>
>>>
>>
>
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
>

Mime
View raw message