homepage Welcome to WebmasterWorld Guest from 54.167.75.155
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL

Search Engine Spider and User Agent Identification Forum

    
How Blocking Impacts Traffic and Other Web Services
incrediBILL




msg:4569232
 6:22 am on Apr 30, 2013 (gmt 0)

From dstiles on [webmasterworld.com...]
you really need to read up on mail and web differences. There is no way that me blocking your mail server from accessing my WEB site on port 80 will affect the capability of your mail server from accepting mail from my on-server mail server sending on port 25. Here, we all block certain types of WEB activity. How we block MAIL activity is entirely different and is carried out via the mail server, not the web server.


I thought this was an interesting topic to bring up to help others clarify what happens when you block IP addresses in various places.

Web servers, Apache, IIS, etc. are on port 80

Mail servers, SMTP, etc. are on port 25 or 587

Admin control panels like Plesk use port 8443 for their web server.

Putting something in your servers firewall will have global impact and block all ports, including 25, 80, 587, etc. unless you specify which ports should be impacted.

Putting something in your Apache conf or .htaccess files only impacts port 80 unless otherwise specified so blocking IP addresses in Apache is relatively safe as only the web servers are impacted, not email, no Admin control panels, etc. Remember, blocking IPs within the web server can only impact web services.

However, if you don't do business in some country that has a high volume of abuse, which would be SSH, SMTP, WEB, etc. basically attacking your whole server, then dropping that country, assuming you don't do business with them, in your server firewall is the best way to protect the server from their attacks.

Typically I whitelist services like FTP, SSH, etc. that only I use to accept a very narrow range of access which is the equivalent of blocking out the rest of the world from attacking those services. If you have another server or some dedicated IP address being used on a server, for an SSL certificate as an example, you can whitelist that IP as well and tunnel across to your server in an emergency if your other IPs change suddenly which can and does happen.

For instance, just recently Comcast changed my from range 71.* to 50.* one night which is a pretty radical change and I needed to use the emergency entrance to gain access.

Just beware that if you harden your server too much you just might harden yourself out of the server. There's a backdoor for my hosting company which could also be used to fix the problem but I'd be kind of red faced calling them and telling them I whitelisted myself out of the server... again. :)

Just kidding, I've never locked myself out yet but I thought I did once.

That's the basic nuts and bolts, quick recap; blocking IPs within the web server only impact web services but blocking in the firewall blocks access to all services on the server unless ports are specified, so beware.

Hope that clears it up for some people.

 

dstiles




msg:4569415
 8:02 pm on Apr 30, 2013 (gmt 0)

Thanks for expanding on my note, Bill.

One thing: HTTPS on web servers uses 443 (usually). And, POP3 uses port 110 and IMAP 143. I'm also careful about who can access those - in fact, more careful: they are my customers' mailboxes!

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved