----- Original Message -----
Duane Morin <dmorin at lear.morinfamily.com> wrote:

> Recently I'm experiencing nasty load problems on my home web
> server for reasons I have yet to determine. But I do see that
> my access logs are full of the usual worm traffic. Can
> somebody point me in the right direction (or just give me the
> quick tutorial) on whether I can tell Linux or Apache ASAP
> "here's a bunch of IPs that I don't want you to respond to at
> all"? What's the optimal way of making sure that these hits
> don't kill your server (or even interfere with its usual
> operation)?

I've had good results by using IPTABLES to restrict incoming traffic on a
network basis: I simply add a rule for each network that I'm aware of (e.g.,
comcast), and drop everything that isn't on my approved list.

Of course, this might not fit your profile: I'm only showing pages to
relatives and friends, so if your web site is supposed to be visible to the
world, then I suggest you take advantage of the web space your ISP offers
and let them do the worrying. ;-)

A sample entry, assuming your input policy is DROP:

    iptables -N http-ok-from    # create the user-defined chain before jumping to it
    iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j http-ok-from
    iptables -A http-ok-from -s 66.31.0.0/16 -j ACCEPT
    (etc.)

HTH.

Bill Horne
http://billhorne.com/
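The allowlist approach Bill describes, written out as a small script. This is an added example, not Bill Horne's own code or anything from the BLU archive: it creates the chain before anything jumps to it, validates each CIDR before turning it into a rule, and adds a rate-limited LOG rule at the end of the chain so the connections that fall through to the DROP policy are visible in the kernel log. The chain name http-ok-from, the assumption that the INPUT policy is already DROP, and the allowlist contents (66.31.0.0/16 is the network from the message above; the other entries are made up for the demonstration) are all assumptions of this example.

```shell
#!/bin/sh
# Added example, not the original poster's script: generate the per-network
# HTTP allowlist described in the message above.
# Assumptions: INPUT policy is already DROP, chain name http-ok-from, and the
# constructed allowlist below (66.31.0.0/16 comes from the post; the other
# two entries are invented, one of them deliberately malformed).
set -eu

CHAIN=http-ok-from

# Constructed allowlist: one CIDR per line, '#' starts a comment.
ALLOWED_NETS='
66.31.0.0/16      # network from the original post
10.20.0.0/16      # constructed: a relative'"'"'s ISP block
not-a-network     # constructed: malformed on purpose, must be skipped
'

# valid_cidr A.B.C.D/N -> 0 if all four octets are 0-255 and N is 0-32.
valid_cidr() {
    ip=${1%/*}
    bits=${1#*/}
    [ "$ip" != "$1" ] || return 1                 # no '/' present
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    old_ifs=$IFS
    IFS=.
    set -- $ip                                    # split octets into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# rules -> one iptables argument list per line, in the order to apply them.
rules() {
    printf '%s\n' "-N $CHAIN"
    # -I puts each rule at the top of INPUT, so the NEW/port-80 test ends up
    # first, followed by the conntrack rule that lets replies back in.
    printf '%s\n' "-I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT"
    printf '%s\n' "-I INPUT -m state --state NEW -p tcp --dport 80 -j $CHAIN"
    printf '%s\n' "$ALLOWED_NETS" | sed 's/#.*//' | while read -r net _; do
        [ -n "$net" ] || continue
        if valid_cidr "$net"; then
            printf '%s\n' "-A $CHAIN -s $net -j ACCEPT"
        else
            printf 'skipping malformed allowlist entry: %s\n' "$net" >&2
        fi
    done
    # Anything that falls off the end of the chain returns to INPUT and hits
    # the DROP policy; log a trickle of those so the drops are visible.
    printf '%s\n' "-A $CHAIN -m limit --limit 3/min -j LOG --log-prefix http-drop:"
}

# "sh allowlist.sh" prints the rules; "sh allowlist.sh apply" runs them (root).
case "${1:-dry}" in
    apply) rules | while read -r line; do iptables $line; done ;;  # word-split on purpose
    *)     rules ;;
esac
```

Run it without arguments first and read the generated rules; the malformed entry is reported on stderr and never reaches iptables. Because every accepted network is a `-s` match on the user-defined chain, adding or removing a friend's ISP block is a one-line change to the allowlist rather than a change to the INPUT chain itself.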