httpd-users mailing list archives

From el kalin <ka...@el.net>
Subject Re: [users@httpd] ESTABLISHED connections
Date Sat, 14 Mar 2015 03:20:41 GMT
i don't see it in package ports…

On Fri, Mar 13, 2015 at 7:59 PM, Jim Albert <jim@netrition.com> wrote:

> On 3/13/2015 7:54 PM, el kalin wrote:
>
>>
>>
>> On Fri, Mar 13, 2015 at 7:36 PM, Jim Albert <jim@netrition.com> wrote:
>>
>>     On 3/13/2015 7:17 PM, el kalin wrote:
>>
>>
>>         if i have this in the
>>
>>         <Directory "/server/doc/root">
>>
>>                   Order allow,deny
>>                   Allow from all
>>                   deny from 111.10.250.188
>>         </Directory>
>>         ESTABLISHED
>>         tcp        0      0  ip-10-102-190-93.http  111.10.250.188.inovapo
>>         ESTABLISHED
>>
>>
>>         this is growing with every netstat i do.  any ideas???
>>
>>         thanks…
>>
>>
>>     I believe your Order allow, deny is correct.
>>
>>
>> i believe so too...
>>
>>     You are controlling what can be served by Apache, but not the actual
>>     network connection to your Apache server, hence the continued
>>     entries in your connection table. I would assume your Apache error
>>     log is spewing lots of access denied or such errors indicating your
>>     deny is working.
>>
>>
>>     If you really want to keep a given IP address completely out of
>>     Apache, block it in iptables or better yet the firewall behind which
>>     your Apache server sits, but iptables will do it.
>>
>>
>> i'm aware. the problem is that this is a netbsd ec2 (amazon instance)
>> and the only "firewall" right now is the security groups that service
>> offers. those are not meant to block individual ips. they are rather all
>> exclusive. so my only other option was pf. which i'm used to but it
>> appears that the whole dynamic kernel module loading is screwed up
>> because of the kernel build to fit xen…   and so on…
>>
>
> iptables?
>
>
> --
> Jim Albert
>
>
>
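
The behaviour discussed in this thread (Apache's allow/deny rules refuse the request, but the TCP connection is still accepted and stays visible in netstat) can be tracked per remote address. The script below is an added example, not part of the original messages; it assumes BSD-style numeric `netstat -an` output, and the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count ESTABLISHED TCP connections per remote address
# from BSD-style `netstat -an` output (address and port joined by a dot).

# Constructed sample input, not captured from a real host.
sample_netstat() {
cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        State
tcp        0      0  10.102.190.93.80       111.10.250.188.40112   ESTABLISHED
tcp        0      0  10.102.190.93.80       111.10.250.188.40113   ESTABLISHED
tcp        0      0  10.102.190.93.80       111.10.250.188.40114   ESTABLISHED
tcp        0      0  10.102.190.93.80       203.0.113.7.51544      ESTABLISHED
tcp        0      0  10.102.190.93.22       198.51.100.9.60022     ESTABLISHED
tcp        0      0  10.102.190.93.80       203.0.113.7.51545      TIME_WAIT
tcp        0      0  *.80                   *.*                    LISTEN
EOF
}

# Reads netstat lines on stdin; prints "<count> <remote-ip>" for
# ESTABLISHED connections to local port $1, busiest peer first.
established_by_peer() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "ESTABLISHED" {
            n = split($4, l, ".")
            if (l[n] != port) next       # only the web listener
            peer = $5
            sub(/\.[0-9]+$/, "", peer)   # drop the trailing .port
            count[peer]++
        }
        END { for (p in count) print count[p], p }
    ' | sort -k1,1nr -k2,2
}

# Prints the number of ESTABLISHED connections from one address ($2)
# to local port $1; prints 0 when there are none.
peer_count() {
    established_by_peer "$1" |
        awk -v ip="$2" '$2 == ip { c = $1 } END { print c + 0 }'
}

# Live use (assumption: numeric output with the column layout above):
#   netstat -an | established_by_peer 80
sample_netstat | established_by_peer 80
```

A count that keeps rising for an address already listed in a `deny from` rule shows the rule is only rejecting requests; dropping the connections themselves takes a packet filter, as the reply in the thread says.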
