httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hans-Georg Scherneck <...@chalmers.se>
Subject Re: [users@httpd] Denying access for a complicated bugger address
Date Tue, 30 Sep 2014 18:26:03 GMT
Rainer M. Canavan wrote:
> On Sep 30, 2014, at 19:16 , Hans-Georg Scherneck <hgs@chalmers.se> wrote:
>
>> My site is bombarded by POST requests from a site identifying itself like
>> 123.123.123.123.word.word.word.word
>> A "deny from" instruction with a string trying to match this in .htaccess does not
appear to work (though other abusers with simple IP's I can get barred this way).
> You don't say where that sites identifies itself in such a manner. You should
> not enable reverse lookups (i.e. HostnameLookups should be Off, possibly some
> other settings), then the first column in your access.log should always be
> the actual originating IP address of that request.  If they are real spammers,
> they have a botnet with lots of IPs in nearly as many locations and subnets.
>
>
> rainer
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
> Blocking from apache:
>
> <Location />
>     Order Allow,Deny
>     Deny from <INSERT IP TO BLOCK HERE>
> </Location>
>
> You can block it at the network stack level too, this way apache does not even see the
request, ex 
> on linux using iptables.
>
>
> bye,
> Frederik 

I'm trying with <Location /> now.

HostnameLookups Off

has always been set.
My reply to Richard a minute ago included some incriminating access.log lines. Ever seen an
address 
like this before?
/Hans-Georg


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message