|deny from 'hostname'|
I left a rule in place in my htaccess last night to test if deny by hostname was working and it appears it did not.
I blocked all .ru visitors with 'deny from .ru' (since the only .ru visitors to my sites are spammers).
However my logs indicate that there were successful visits from someone using 'netdedicated.ru'
Surely this should have been blocked if the above rule was in place? What am I missing?
Thanks in advance for any advice.
Holy smokes. Are you really using 1.3?! My host won't say, but I'm definitely in at least 2.2 [httpd.apache.org].*
I think most people wouldn't bother with .ru, because the domain names you're trying to keep out are either forged or in such a wonky format that they can't be looked up. (Not necessarily evil, just wonky. I get perfectly legitimate visits from IP addresses belonging to a perfectly legitimate foreign government, and they're all flagged as "might be forged".) Block them by numbers instead.
* Some blahblah about security, but as a consolation prize they show you how to test which mods you've got. I don't have mod_access.
Ah no, the link I used was simply a reference I found by search which detailed what I'd done. The version info is not relevant.
I'm already blocking by IP's but my list was getting rather large.
Incidentally, my host uses apache v.2.2.15, my cPanel shows the info.
if you want to block countries the most effective way is to get yourself an ip database that maps ip addresses to countries - there are several out there both free and paid.
of course it doesn't stop access through proxies etc, these you have to block seperately should you wish
|I'm already blocking by IP's but my list was getting rather large. |
A likely reason for a "rather large", is that your denying to the precise Class D IP, rather than a mass provider range?
However even when accumulating larger provider ranges, after a while requires consolidation of ranges.
Denying by IP is much less server intensive than denying by host.
|Denying by IP is much less server intensive than denying by host. |
I didn't realise this, thank you.
To answer the original question, there is a configuration setting at the server level which enables/disables the ability to do the reverse-DNS lookups required to "deny by hostname." If this setting is disabled, then rDNS lookups will never be performed, and the "Remote_Host" environment variable will always be identical to the Remote_Addr variable. In other words, Remote_Host will contain the remote host's IP address, and not its hostname, so you'll be trying to compare "example.ru" to an IP address, and it won't ever match.
rDNS lookups require that your server make one outgoing DNS lookup request for each incoming "user" http request. If this rDNS connection/lookup is slow or if it fails, then the user's request will also be slow or fail. That's why -- as wilderness stated above -- access control by IP is so much more efficient and faster than access control by hostname. Of course, if you really need access control by hostname, that may be of only secondary concern...
Another issue to be aware of is that if you enable rDNS lookups and use them in your .htaccess or config code, then you may find that your raw server logs suddenly "switch formats" and start showing hostnames for all requests. This is because many servers are set up to log hostnames if available, and by enabling and using hostname lookups, you've made those hostnames available for logging. You may or may not like seeing hostnames in your logs files -- personally, I prefer seeing either only the IP address or *both* the IP address and the hostname. However, if you enable rDNS on the server, then you won't have that choice unless you also have server config-level access, and can go change the logging format template so that IP addresses are always logged instead of/in addition to hostnames. See Apache mod_log_config %h versus %a tokens for more info.
Jim, thanks so much for your detailed reply. You may have just explained why I've been getting hostnames in my cPanel 'Latest Visitors' for a few weeks despite cPanel support saying this is not the default behaviour and my own host refusing to look into the reason behind it as they believe it's a new cPanel feature!
I much prefer IP's to hostnames and would be happy to try and stop them being displayed at all. Do you think removing any hostname blocks in my .htaccess would have the affect of 'switching' my access logs back to IP addresses only?
Edit: after re-reading your last paragraph, it appears the above may not work
Thank you again.
[edited by: cyberdyne at 1:50 pm (utc) on Jul 12, 2011]
|brotherhood of LAN|
Looks like that's a defintive answer as to why the blocking is not working
|I blocked all .ru visitors with 'deny from .ru' (since the only .ru visitors to my sites are spammers). |
|connection/lookup is slow or if it fails, then the user's request will also be slow or fail |
If you are using (and are familiar with a scripting language, you could perform your reverse DNS lookups in the background via a cron, e.g. validate messages that are posted onto your site.