httpd-users mailing list archives

From Oren <o...@taykey.com>
Subject Re: [users@httpd] Access control advice needed
Date Wed, 09 Apr 2014 07:44:14 GMT
Hi Ramon.
Why use Apache for the block and not a firewall? It's not Apache-related 
but I think it's a better way of doing that.
You can add those addresses to blocking rules and reduce the load on 
Apache before they even reach it.
I am not sure which OS you use but there are simple ways of doing that 
even if you don't have dedicated hardware.

Oren

On 04/09/2014 10:32 AM, Jan Vávra wrote:
> Hello,
>  try to use an IP address or subnet instead of 
> .broad.pt.fj.dynamic.163data.com.cn
>
> Jan.
>> Access control advice needed
>>
>> I have a website running drupal which is currently under a continuous
>> botnet attack, which is causing major performance issues. I'm trying to
>> use apache's access control mechanism to block these requests.
>>
>> Two characteristics of the attack requests are that they all use
>> HTTP/1.0, and a large percentage of them are within one domain.
>>
>> When I look at my access log, most requests are coming in from:
>> 134.230.153.27.broad.pt.fj.dynamic.163data.com.cn
>> 129.199.159.27.broad.pt.fj.dynamic.163data.com.cn
>> ...etc.
>>
>> I tried blocking access using Apache's Deny From as follows:
>>
>> <Directory /opt/drupal-7/>
>>    Options +FollowSymLinks
>>    AllowOverride All
>>    Order Allow,Deny
>>    Allow from all
>>    Deny from .broad.pt.fj.dynamic.163data.com.cn
>> </Directory>
>>
>> However this did not work - all requests are still being allowed in.
>> Note that the /opt/drupal-7 directory is a symlink to the actual
>> directory which has the full version number.
>>
>> Also, since all the botnet requests are marked as HTTP/1.0, I tried to
>> restrict access to the user-registration pages using the protocol, as
>> follows:
>>
>> SetEnvIf Request_Protocol "^HTTP/1\.0$" Bad_Req
>> <Location /utenti>
>>     Order Allow,Deny
>>     Deny from env=BadReq
>> </Location>
>>
>> However this is blocking everything - HTTP/1.0 or 1.1. "/utenti" is the
>> prefix to the user registration page, password-reset page etc. I tried
>> changing around the Order, adding an "Allow from all" but in each case I
>> either end up blocking everyone or letting all requests through.
>>
>> I'd appreciate any advice on how to implement the above or resolve this
>> issue in some other way.
>>
>> --
>> Ramon Casha
>>
>> Note: I have no control over the disclaimer message that will invariably
>> appear below.
>>
>>
>> *DISCLAIMER*
>>
>> /The information transmitted in this message and any attachments is 
>> strictly confidential and intended only for the individual or entity 
>> to whom it is addressed.
>> Any form of unauthorised review, transmission, disclosure, 
>> publication, reproduction, modification or other use of, or the 
>> taking of any action in reliance upon any of the information 
>> contained in this e-mail by individuals or entities other than the 
>> intended recipient is strictly prohibited.
>> If you are not the named addressee or the person responsible for 
>> delivering the message to the named addressee and have received this 
>> communication in error, you must not disclose the contents of this 
>> e-mail to any other person; or make any copies thereof. If you are 
>> not the named recipient please delete/destroy any and all copies that 
>> may exist, whether in electronic or hard copy for and notify us 
>> immediately on the phone number indicated above and provide us with 
>> details about the said e-mail received in error.
>> Since the Internet is not a secure medium Megabyte cannot guarantee 
>> the privacy or confidentiality of any e-mail communications 
>> transmitted. All messages sent to and from Megabyte Ltd may be 
>> monitored and/or recorded to ensure compliance with internal policies 
>> and procedures. We disclaim all responsibility and liability 
>> whatsoever in relation to any errors or omissions that may reveal 
>> themselves in this message and in relation to any damage that may 
>> result from any such errors or omissions. We disclaim all 
>> responsibility and liability for any damage that may arise from the 
>> unauthorised acts of third parties and/or the corruption of any data 
>> contained in this message.
>> Thank you./
>>
>
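
An added example, not part of the original thread: the two quoted configurations with the environment variable name made consistent and the hostname rule replaced by a subnet, as Jan suggests. It assumes the Apache 2.2 Order/Allow/Deny syntax used in the original post; the subnet 192.0.2.0/24 is a documentation placeholder, not an address taken from the thread.

```apache
# Added example (Apache 2.2 access-control syntax, as used in the thread).
# 192.0.2.0/24 is a placeholder subnet; substitute the real source ranges.

# Flag HTTP/1.0 requests. The variable name set here must match the name
# tested in "Deny from env=" exactly; the quoted config set Bad_Req but
# tested BadReq, so the Deny rule could never match.
SetEnvIf Request_Protocol "^HTTP/1\.0$" Bad_Req

<Location /utenti>
    # Order Allow,Deny: Allow rules are evaluated first, then Deny rules.
    # A request matching neither is denied, so "Allow from all" is needed.
    # A request matching both is denied.
    Order Allow,Deny
    Allow from all
    Deny from env=Bad_Req
</Location>

<Directory /opt/drupal-7/>
    Options +FollowSymLinks
    AllowOverride All
    Order Allow,Deny
    Allow from all
    # CIDR match on the client address; no DNS lookup is involved.
    Deny from 192.0.2.0/24
</Directory>
```

With the mismatched variable name the Deny rule is inert, so the outcome depends only on whether an Allow line is present: without one every request falls through to the default deny, and with "Allow from all" every request is admitted.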

