BLU Discuss list archive

Banning IPs from Apache?

On Thu, Feb 05, 2004 at 07:13:10AM -0500, Cole Tuininga wrote:
> I don't know about apache, but this sounds like it would be pretty easy
> to do by chaining/tabling out ranges of ip's.
> man iptables
> But I believe the command would be something like:
> iptables -A INPUT -p tcp --dport 80 -s <offending ip/netmask> -j DROP

You really shouldn't DROP unless you really have to; REJECT is the proper way to do things. Not only that, but you should probably '--reject-with tcp-reset'. This prevents the other host from knowing that you have packet filtering in place, and keeps TCP/IP and the internet happy.
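
The rule from the quoted message with the reply's suggestion applied, as an added example that is not part of the original thread. The function names are hypothetical and the sample addresses are constructed from documentation ranges.

```shell
#!/bin/sh
# Added example; function names are hypothetical, addresses are constructed.

# Succeed only for a dotted-quad IPv4 address with an optional /0-32 prefix,
# so nothing else can reach the iptables command line.
valid_source() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in *[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split into octets (digits and dots only here)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the rule from the quoted message with DROP replaced by
# REJECT --reject-with tcp-reset, as the reply recommends.
reject_rule() {
    valid_source "$1" || { echo "invalid source: $1" >&2; return 1; }
    printf 'iptables -A INPUT -p tcp --dport 80 -s %s -j REJECT --reject-with tcp-reset\n' "$1"
}

# Constructed sample input: two documentation-range sources and one bad entry.
for src in 192.0.2.0/24 203.0.113.7 300.1.1.1; do
    reject_rule "$src" || echo "skipped $src"
done
```

The function prints the rule rather than running it, so the output can be reviewed before it is applied as root.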


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
