BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Banning IPs from Apache?

Subject: Banning IPs from Apache?
From: jjohnson at sunrise-linux.com (miah)
Date: Thu, 5 Feb 2004 05:04:47 -0800
In-reply-to: <1075983190.386.6.camel@localhost>
References: <Pine.LNX.4.44.0402050643380.19267-100000@lear.morinfamily.com> <1075983190.386.6.camel@localhost>

On Thu, Feb 05, 2004 at 07:13:10AM -0500, Cole Tuininga wrote:
> I don't know about apache, but this sounds like it would be pretty easy
> to do by chaining/tabling out ranges of ip's.
> 
> man iptables
> 
> But I believe the command would be something like:
> 
> iptables -A INPUT -p tcp --dport 80 -s <offending ip/netmask> -j DROP

you really shouldn't DROP unless you really have to, REJECT is the proper way to do things..  Not only that, but you should probably '--reject-with tcp-reset'.  This prevents the other host from knowing that you have packet filtering in place, and keeps tcp/ip, and the internet happy.

-miah

References:
- Banning IPs from Apache?
  - From: dmorin at lear.morinfamily.com (Duane Morin)
- Banning IPs from Apache?
  - From: colet at code-energy.com (Cole Tuininga)

Prev by Date: Banning IPs from Apache?
Next by Date: When disk IO goes bad
Previous by thread: Banning IPs from Apache?
Next by thread: Banning IPs from Apache?
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org