not2easy - 4:17 pm on Nov 25, 2012 (gmt 0)
@ keyplyr I appreciate that you have gone through the time and trouble to actually time the processing and share the results, and I am using mod_access and have not seen any noticeable delay.
My htaccess has two sections for this process. At the top are entries added from a spider trap php script that creates the environment of "getout" as in:
SetEnvIf Remote_Addr ^38\.105\.83\.12$ getout
That list is sometimes over 100 lines long and I remove those lines when I add a CIDR line to the list under that which is set up as:
deny from 184.108.40.206/21
That list is well over 200 lines before looking at the Country Blocking List.
I'm adding the country blocking CIDRs to a color coded spreadsheet to check against my existing lines and since I can't just paste them into htaccess without trying to eliminate overlap I had those general questions about whether the multi CIDR lines format
deny from 220.127.116.11/22 18.104.22.168/22 22.214.171.124/20 126.96.36.199/16 188.8.131.52/24 etc.
are preferable to single deny lines. If that processes any faster, it would make sense to make all my single lines into fewer combined lines (to me anyway). And if I do that, are there limits to line length? I don't think I want to bunch everything into a long line, but it would be easier to maintain if I had a line for Hetzner for example, with everything in one line. If I do it that way, wouldn't it be slower if each line starts a new process? Since I have to reorganize things anyway, I thought maybe someone had experience or is it just try and see what happens? I have looked around (a lot) at the Apache docs site and have not found a definitive answer for that.