blocking IP addresses 1

[Hondy]

Hi

So to block an IP address I can add:

deny from 1.2.3.4

in the httpd.conf right? So how do I keep adding in new addresses without having to restart apache every time? Can it be done? I have mod_security installed so perhaps it can be done from in there somewhere?

Cheers

 

[feherke]

Hi

Add them to the per-directory configuration ( .htaccess ) instead on the main configuration ( httpd.conf ) file.

Feherke.

http://rootshell.be/~feherke/

 

[RhythmAce]

I agree. The .htaccess is read every time the directory is access. Howerver you would have to have a copy of it in each vhosts DocumentRoot. Another way is to deny them access at the system level by using /etc/hosts.deny. The syntax is "service : client". Both arguements can use "All" so to deny a particular ip from using all services you would enter something like this:

ALL : 192.168.1.20

Of course you would use the actual ip or sub-net.

 

[nerbonne]

Personally, if you have root access, I would add them to the iptables deny list. Iptables is a built in routing application in Linux. (usually)

iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP

and once you are happy with your new entry, save it using:

/etc/init.d/iptables save active

To view entries:

iptables -nL

 

[Hondy]

ah, i think thats what i need - cheers