mel_the_snowbird - 1:57 am on Dec 14, 2012 (gmt 0)
I have *four* active web sites. Each web site is 'operated' by a virtual host, and has *different* Deny/Allow commands.
My DoS attacker *used to* attack just one of the web sites incessantly by starting 50 or more massive downloads simultaneously trying to bring my server to its knees.
After I started the Deny All (then Allow 'some') to thwart him/her, he was foiled --- until recently:
Then he started this 'baidu-attack', and for the last week, I have been looking often at my log, and notice that he has at his disposal a whole bunch of IP addresses he uses to attack me. But in all the recent cases, I note the www.baidu.com stuff in my access log.
So, I look at the access.log and see only the *size* of the download, and see that somehow Apache has selected a *different* one of my sites to 'serve' a page from. So, every few seconds, I get an attack to this 'other' web site. But first I had to identify *which* of my sites is being attacked. I have done this now by 'contextual' examination of the log (i.e., noted the golf-related stuff in the log).
Since I have Allow All in this newly attacked site, I have to Deny From aaa.bbb.ccc.ddd *again* for each of his attempts.
So, my question then becomes: How do I Deny www.baidu.com -- which is apparently a search engine based in 'downtown China'?
I'll look again at the responses you and wilderness have given, and hope I can understand and try one of them.
It would be nice to have a command like:
Deny from www.baidu.com
But I'll look at your suggested solutions, and if I feel comfortable that I understand it, I'll (tentatively) implement it.
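
Added example, not part of the original post or thread: an Apache 2.2-style configuration sketch for the two problems described above, namely telling which virtual host served a request and denying requests that mention www.baidu.com. It assumes the string appears in the Referer or Host request header; the host name golf.example.com, the paths and the variable name block_baidu are placeholders.

```apache
# Added example (Apache 2.2 Order/Allow/Deny syntax). All names and paths
# below are placeholders, not values from the post.

# 1. Record the virtual host that served each request (%v) as the first
#    field, so the targeted site no longer has to be guessed from the
#    response size or the page content.
LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
CustomLog logs/access_log vhost_combined

# 2. "Deny from www.baidu.com" compares the *client's* reverse-DNS host
#    name, not text inside the request, so it would not match clients that
#    merely send that string. Tag such requests with an environment
#    variable instead.
#    Assumption: the string is in the Referer or the Host header.
SetEnvIfNoCase Referer "www\.baidu\.com" block_baidu
SetEnvIfNoCase Host    "www\.baidu\.com" block_baidu

# 3. In each virtual host that is otherwise open to everyone, refuse the
#    tagged requests. With "Order Allow,Deny" the Deny rules are evaluated
#    last, so they override "Allow from all".
<VirtualHost *:80>
    ServerName golf.example.com
    DocumentRoot /var/www/golf

    <Directory /var/www/golf>
        Order Allow,Deny
        Allow from all
        Deny from env=block_baidu
    </Directory>
</VirtualHost>
```

Tagged requests receive a 403 regardless of which IP address they come from, so the per-address Deny From lines do not have to be repeated for each new source.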