
IP blocking

Posted: 19. October 2011 17:15
by Harpist
Hi folks,

I am doing testing of a new web site and the server is constantly being accessed by unwanted users looking for vulnerabilities. I have been blocking these on an ad hoc basis by denying access using the httpd.conf file. But this is always after the fact.

Is there a service that offers a proactive way of doing this (e.g. a database of IPs that have been identified as abusing access at other sites)?

Thank you for assistance.

Harpist

Re: IP blocking

Posted: 19. October 2011 21:27
by Sharley
A search of the internet may reveal a list, and then instead of using the httpd.conf file, add a .htaccess to the web site root folder; this helps keep the httpd.conf file free of clutter.

This is how I do it on many of my hosted web sites that have this same issue and I can assure you there are such lists for you to download or copy and paste.

I usually block an IP range (CIDR) as again, usually these are from well-known and specific country IP blocks which helps keep the .htaccess file to a manageable size.
For example:
Code:
deny from xxx.xxx.xxx.xxx/24
There are a few online CIDR conversion utilities that can convert an IP block range like
Code:
xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx
for you.

You can still add those you find in your log file and if you have a firewall then you could also try adding banned IPs into its configuration settings, depending if available and how well you know how to configure your firewall.

Good luck, :)
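
Added example (not part of the original posts): the range-to-CIDR conversion and .htaccess deny list described above, done locally with Python's standard ipaddress module instead of an online utility. The function names are hypothetical and the sample entries are constructed from the reserved documentation address ranges.

```python
import ipaddress

def parse_entry(entry):
    """Turn 'a.b.c.d', 'a.b.c.d/nn' or 'first - last' into a list of networks."""
    entry = entry.strip()
    if "-" in entry:
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if first.version != last.version or first > last:
            raise ValueError(f"bad range: {entry!r}")
        # A range that is not CIDR-aligned expands to several blocks.
        return list(ipaddress.summarize_address_range(first, last))
    # strict=False accepts host bits set, e.g. 192.0.2.77/24 -> 192.0.2.0/24
    return [ipaddress.ip_network(entry, strict=False)]

def build_deny_lines(entries):
    """Merge all entries into the smallest set of 'deny from' lines."""
    nets = [n for e in entries for n in parse_entry(e)]
    merged = []
    for version in (4, 6):
        # collapse_addresses joins adjacent blocks and drops covered ones;
        # it cannot mix IPv4 and IPv6, so each family is collapsed separately.
        same = [n for n in nets if n.version == version]
        merged.extend(ipaddress.collapse_addresses(same))
    lines = []
    for n in merged:
        # Write single hosts as a bare address rather than /32 or /128.
        single = n.prefixlen == n.max_prefixlen
        lines.append(f"deny from {n.network_address if single else n}")
    return lines

# Constructed sample input: ranges from a downloaded list plus log-file hits.
SAMPLE = [
    "192.0.2.0 - 192.0.2.255",        # aligned range -> one /24
    "198.51.100.0 - 198.51.100.127",  # lower half of a /24
    "198.51.100.128/25",              # upper half, merges with the line above
    "198.51.100.200",                 # already covered, disappears
    "203.0.113.5 - 203.0.113.10",     # unaligned range -> four entries
]

if __name__ == "__main__":
    print("\n".join(build_deny_lines(SAMPLE)))
```

The `deny from` syntax is the one used in this thread; on Apache 2.4 the same networks go in `Require not ip` lines inside a `<RequireAll>` block.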

Re: IP blocking

Posted: 20. October 2011 05:24
by Altrea
Sharley wrote: if you have a firewall then you could also try adding banned IPs into its configuration settings, depending if available and how well you know how to configure your firewall.


I recommend that too. The firewall is in most cases the best place to handle unwanted requests. If the requests are reaching your HTTP daemon process, vulnerabilities of that process can take effect.
The other reason why it is the better place is that a webserver process can more easily be affected by DDoS attacks than a good and well-configured hardware firewall.

Lastly, I can just hope that you don't use XAMPP for your publicly accessible website testing.