Banning IPs from Apache?
miah
jjohnson at sunrise-linux.com
Thu Feb 5 08:04:47 EST 2004
On Thu, Feb 05, 2004 at 07:13:10AM -0500, Cole Tuininga wrote:
> I don't know about apache, but this sounds like it would be pretty easy
> to do by chaining/tabling out ranges of IPs.
>
> man iptables
>
> But I believe the command would be something like:
>
> iptables -A INPUT -p tcp --dport 80 -s <offending ip/netmask> -j DROP
You really shouldn't DROP unless you really have to; REJECT is the proper way to do things. Not only that, but you should probably '--reject-with tcp-reset'. This prevents the other host from knowing that you have packet filtering in place, and keeps TCP/IP and the internet happy.
-miah
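
The REJECT form suggested in this reply, as an added example that is not part of the original message: a script that validates a list of offending IPv4 sources and prints an `iptables-restore` fragment using `--reject-with tcp-reset` on port 80. The chain name `HTTP_BAN`, an existing jump to it from INPUT, and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example. HTTP_BAN is a hypothetical chain name; a jump to it from
# INPUT is assumed to exist already. Sample addresses are constructed.
CHAIN=HTTP_BAN

# valid_src ADDR: succeed only for dotted-quad IPv4 with optional /0-32.
valid_src() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr          # split into octets; only digits and dots remain
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ban_rules ADDR...: print an iptables-restore fragment on stdout. Entries
# that fail validation are reported on stderr and never reach the ruleset.
ban_rules() {
    printf '*filter\n:%s - [0:0]\n' "$CHAIN"
    for src in "$@"; do
        if valid_src "$src"; then
            printf '%s\n' \
                "-A $CHAIN -s $src -p tcp --dport 80 -j REJECT --reject-with tcp-reset"
        else
            printf 'skipped invalid source: %s\n' "$src" >&2
        fi
    done
    printf 'COMMIT\n'
}

# Demo on constructed input (documentation ranges plus one bad entry).
ban_rules 192.0.2.10 198.51.100.0/24 '203.0.113.7; extra'
```

Review the output before loading it, and load it with `iptables-restore --noflush`; without that option the existing contents of the filter table are flushed.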