Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Banning IPs from Apache?



----- Original Message ----- 

 Duane Morin <dmorin at lear.morinfamily.com> wrote:
> Recently I'm experiencing nasty load problems on my home web
> server for reasons I have yet to determine.  But I do see that
> my access logs are full of the usual worm traffic.  Can
> somebody point me in the right direction (or just give me the
> quick tutorial) on whether I can tell Linux or Apache ASAP
> "here's a bunch of IPs that I dont want you to respond to at
> all?"  What's the optimal way of making sure that these hits
> don't kill your server (or even interfere with its usual
> operation)?

I've had good results by using IPTABLES to restrict incoming traffic on a
network basis: I simply add a rule for each network that I'm aware of (e.g.,
comcast), and drop everything that isn't on my approved list. Of course,
this might not fit your profile: I'm only showing pages to relatives and
friends, so if you're web site is supposed to be visible to the world, then
I suggest you take advantage of the web space your ISP offers and let them
do the worrying. ;-)

A sample entry: assuming your input policy is DROP -

iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j http-ok-from

iptables -A http-ok-from -s 66.31.0.0/16 -j ACCEPT
(etc.)

HTH.

Bill Horne
http://billhorne.com/






BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org