httpd-users mailing list archives

From Jim Albert <...@netrition.com>
Subject Re: [users@httpd] ESTABLISHED connections
Date Fri, 13 Mar 2015 23:59:30 GMT
On 3/13/2015 7:54 PM, el kalin wrote:
>
>
> On Fri, Mar 13, 2015 at 7:36 PM, Jim Albert <jim@netrition.com> wrote:
>
>     On 3/13/2015 7:17 PM, el kalin wrote:
>
>
>         if i have this in the
>
>         <Directory "/server/doc/root">
>
>                   Order allow,deny
>                   Allow from all
>                   deny from 111.10.250.188
>         </Directory>
>         ESTABLISHED
>         tcp        0      0  ip-10-102-190-93.http  111.10.250.188.inovapo
>         ESTABLISHED
>
>
>         this is growing with every netstat i do.  any ideas???
>
>         thanks…
>
>
>     I believe your Order allow, deny is correct.
>
>
> i believe so too...
>
>     You are controlling what can be served by Apache, but not the actual
>     network connection to your Apache server, hence the continued
>     entries in your connection table. I would assume your Apache error
>     log is spewing lots of access denied or such errors indicating your
>     deny is working.
>
>
>     If you really want to keep a given IP address completely out of
>     Apache, block it in iptables or better yet the firewall behind which
>     your Apache server sits, but iptables will do it.
>
>
> i'm aware. the problem is that this is a netbsd ec2 (amazon instance)
> and the only "firewall" right now is the security groups that service
> offers. those are not meant to block individual ips. they are rather all
> exclusive. so my only other option was pf. which i'm used to but it
> appears that the whole dynamic kernel module loading is screwed up
> because of the kernel build to fit xen…   and so on…

iptables?

-- 
Jim Albert


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
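
The thread notes that a `deny from` rule only governs what Apache serves, so the denied address still appears in the connection table. As an added example (not code from the thread), this script tallies ESTABLISHED connections per remote address from BSD-style `netstat -an` output, where address and port are joined by a dot; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count ESTABLISHED TCP connections per remote address from
# BSD-style netstat output (address and port joined by a dot).

# Constructed sample input; addresses come from the documentation ranges.
sample_netstat() {
cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        State
tcp        0      0  10.0.0.5.80            203.0.113.7.51234      ESTABLISHED
tcp        0      0  10.0.0.5.80            203.0.113.7.51240      ESTABLISHED
tcp        0      0  10.0.0.5.80            198.51.100.9.40111     TIME_WAIT
tcp        0      0  10.0.0.5.80            198.51.100.9.40112     ESTABLISHED
tcp        0      0  10.0.0.5.22            192.0.2.44.60022       ESTABLISHED
tcp        0      0  *.80                   *.*                    LISTEN
tcp        0      0  10.0.0.5.80            203.0.113.7.51251      ESTABLISHED
EOF
}

# established_by_peer PORT
# Reads netstat output on stdin and prints "count address" for each remote
# address holding ESTABLISHED connections to local PORT, busiest first.
established_by_peer() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "ESTABLISHED" {
            lport = $4; raddr = $5
            sub(/^.*\./, "", lport)       # local port: text after the last dot
            if (lport != port) next
            sub(/\.[^.]*$/, "", raddr)    # remote address: drop the ".port" suffix
            count[raddr]++
        }
        END { for (ip in count) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# count_for_peer PORT ADDRESS
# Prints how many ESTABLISHED connections ADDRESS holds to local PORT.
count_for_peer() {
    established_by_peer "$1" |
        awk -v ip="$2" '$2 == ip { n = $1 } END { print n + 0 }'
}

# Live use would be: netstat -an | established_by_peer 80
sample_netstat | established_by_peer 80
```

Run with `-n` so ports are numeric; without it the port argument has to match the service name netstat prints (`http` in the output quoted above).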

