httpd-users mailing list archives

From Jan Vávra <va...@602.cz>
Subject Re: [users@httpd] Access control advice needed
Date Wed, 09 Apr 2014 07:32:06 GMT
Hello,
try to use an IP address or subnet instead of .broad.pt.fj.dynamic.163data.com.cn

Jan.
> Access control advice needed
>
> I have a website running drupal which is currently under a continuous
> botnet attack, which is causing major performance issues. I'm trying to
> use apache's access control mechanism to block these requests.
>
> Two characteristics of the attack requests are that they all use
> HTTP/1.0, and a large percentage of them are within one domain.
>
> When I look at my access log, most requests are coming in from:
> 134.230.153.27.broad.pt.fj.dynamic.163data.com.cn
> 129.199.159.27.broad.pt.fj.dynamic.163data.com.cn
> ...etc.
>
> I tried blocking access using Apache's Deny From as follows:
>
> <Directory /opt/drupal-7/>
>    Options +FollowSymLinks
>    AllowOverride All
>    Order Allow,Deny
>    Allow from all
>    Deny from .broad.pt.fj.dynamic.163data.com.cn
> </Directory>
>
> However this did not work - all requests are still being allowed in.
> Note that the /opt/drupal-7 directory is a symlink to the actual
> directory which has the full version number.
>
> Also, since all the botnet requests are marked as HTTP/1.0, I tried to
> restrict access to the user-registration pages using the protocol, as
> follows:
>
> SetEnvIf Request_Protocol "^HTTP/1\.0$" Bad_Req
> <Location /utenti>
>     Order Allow,Deny
>     Deny from env=BadReq
> </Location>
>
> However this is blocking everything - HTTP/1.0 or 1.1. "/utenti" is the
> prefix to the user registration page, password-reset page etc. I tried
> changing around the Order, adding an "Allow from all" but in each case I
> either end up blocking everyone or letting all requests through.
>
> I'd appreciate any advice on how to implement the above or resolve this
> issue in some other way.
>
> --
> Ramon Casha
>
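The reply's suggestion of denying by IP address or subnet, worked through as an added example that is not part of either message: the script reads access-log lines, recovers the client address from each matching hostname, and emits one `Deny from` line per enclosing network. It assumes the four leading labels of these hostnames are the IPv4 octets in reverse order, which should be confirmed with a DNS lookup before deploying; the log lines, function names and the /24 grouping are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

SUFFIX = ".broad.pt.fj.dynamic.163data.com.cn"  # domain quoted in the thread

# Constructed sample: Common Log Format as written with HostnameLookups on.
SAMPLE_LOG = """\
134.230.153.27.broad.pt.fj.dynamic.163data.com.cn - - [09/Apr/2014:07:01:02 +0000] "POST /utenti/register HTTP/1.0" 200 512
129.199.159.27.broad.pt.fj.dynamic.163data.com.cn - - [09/Apr/2014:07:01:03 +0000] "POST /utenti/register HTTP/1.0" 200 512
7.230.153.27.broad.pt.fj.dynamic.163data.com.cn - - [09/Apr/2014:07:01:04 +0000] "GET /utenti/password HTTP/1.0" 200 498
host.example.org - - [09/Apr/2014:07:01:05 +0000] "GET / HTTP/1.1" 200 1024
"""

HOST_RE = re.compile(
    r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})" + re.escape(SUFFIX) + r"$"
)


def host_to_ip(host):
    """Return the IPv4 address encoded in a matching hostname, or None.

    Assumption: the four leading labels are the octets in reverse order.
    """
    m = HOST_RE.match(host.lower())
    if not m:
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(m.groups())))
    except ipaddress.AddressValueError:
        return None  # a label that is not a valid octet, e.g. 999


def deny_directives(log_text, prefix_len=24, min_hits=1):
    """Count hits per enclosing network; emit one 'Deny from' per network."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        ip = host_to_ip(fields[0]) if fields else None
        if ip is not None:
            net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
            hits[net] += 1
    return [f"Deny from {net}" for net in sorted(hits) if hits[net] >= min_hits]


if __name__ == "__main__":
    print("\n".join(deny_directives(SAMPLE_LOG)))
```

The emitted lines use the network/CIDR form that `Deny from` accepts and would replace the hostname-based `Deny from` line inside the `<Directory>` block.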