Forum Moderators: phranque

Ban Problem

ban problem using up bandwidth

         

Om108

8:25 pm on Nov 17, 2004 (gmt 0)

10+ Year Member



I recently had to ban a user because he/she kept trying to access password-protected files and folders from my site. After I banned this person, he/she started spamming an unknown folder on my site, over and over, generating (believe it or not) hundreds of thousands of errors on my site. Using up almost 3 gigabytes of bandwidth! Obviously, some sort of hack.

Despite reporting this person to <their ISP> numerous times, nothing was ever done. Even contacting <their ISP's> abuse department and Customer Service by phone, nothing was done. The IP is: 68.**.220.41 and resolves to <snip>.

I finally contacted my hosting company who banned the person from their server, but when they reboot their servers, this allows a window for the person to resume spamming my site. This month, November, I have received no less than 850,000 hits from this IP.

The IP is banned from my site, but I have customized error pages and when they spam my site, it uses up my bandwidth because they are generating hundreds of thousands of 403 errors from the customized error page.

What can I do about this? *sigh*
If I removed the customized error pages, does this use up any of my bandwidth? If I just allowed the regular 403 error page to come up, would it use bandwidth from my site or not?

Thanks.

[edited by: jdMorgan at 10:58 pm (utc) on Nov. 17, 2004]
[edit reason] Removed specifics per TOS [/edit]

jdMorgan

11:09 pm on Nov 17, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Om108,

Please review our Terms of Service. Thanks!

The first step is to block the IP address at the server's router/firewall. This prevents any requests from that IP address from getting to your server at all. Therefore, they won't use any CPU time or bandwidth.

As a fallback for whenever the router or firewall configuration is lost -- as you implied, during a "reboot" -- you can detect the IP address and rewrite requests from that IP to a file in a subfolder. That file need not actually exist. Also, in .htaccess in that subfolder, or in a <Directory> container for that subfolder in httpd.conf, place code that forbids all requests to that subfolder, and use ErrorDocument 403 to steer all 403 responses to a blank custom 403 file. In this way, all requests from that IP get a 403 response with a blank message body, thus minimizing your bandwidth; your server will still have to send back the response header, but the body will be empty.

If there is a live connection at that IP address -- that is, if you get a response when accessing it with your browser -- you could 301-redirect all requests back to that IP address. In this way, every time they make a request to your site, they would see a request come back. Share the suffering, in other words. However, I don't recommend this approach, as it might only escalate the battle.

Jim
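
The fallback described in the post above (rewrite the banned address into a forbidden subfolder whose 403 body is empty), written out as an added example that is not jdMorgan's own code. It assumes Apache 2.4 syntax with mod_rewrite available and .htaccess overrides for FileInfo and AuthConfig allowed; the address 192.0.2.10, the folder /blocked/ and the zero-byte file /empty403.txt are hypothetical names.

```apache
# ---- /.htaccess (document root) ----
RewriteEngine on

# Match the banned client by address. REMOTE_ADDR always holds the IP;
# REMOTE_HOST can hold a hostname when HostnameLookups is enabled.
# 192.0.2.10 is a placeholder address (assumption).
RewriteCond %{REMOTE_ADDR} ^192\.0\.2\.10$
# Keep the empty error body reachable. If this request were rewritten
# too, the 403 handler would itself be forbidden and Apache would fall
# back to its built-in error page.
RewriteCond %{REQUEST_URI} !^/empty403\.txt$
# Internal rewrite, not a redirect. /blocked/x does not need to exist.
RewriteRule .* /blocked/x [L]

# Everyone else keeps the site's normal custom error page.
ErrorDocument 403 /custom_403_page.html

# ---- /blocked/.htaccess ----
# Refuse every request that lands in this folder ...
Require all denied
# ... and answer with the zero-byte file instead of the site-wide page.
# /empty403.txt is an empty file in the document root (assumption).
ErrorDocument 403 /empty403.txt
```

A request from the matched address should come back as a 403 status line and headers with an empty body, while other visitors who hit a forbidden URL still get the regular custom page.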

Om108

1:26 am on Nov 18, 2004 (gmt 0)

10+ Year Member



jdMorgan, how would I detect the IP and rewrite the requests to a file in a subfolder? I'd prefer to do it through htaccess. How would I do it? If the IP were 123.45.678.90, how would it look in htaccess?

Although I do not think I will go the 301-redirect route, I want to know how I can do that too. ((laughs)) I'd also need to see what that would look like in htaccess.

Thanks.

Om108

5:43 am on Nov 19, 2004 (gmt 0)

10+ Year Member



I'm trying to redirect one IP (that has been spamming my site) to a specific empty file.

The script I tried was...

RewriteEngine on
RewriteCond %{REMOTE_HOST}!^123\.45\.67\.89
RewriteRule .* [spam-magnet.com...] [r=302,L]

...but does not seem to work.

Any Suggestions?

Thanks.

jdMorgan

7:55 am on Nov 19, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



RewriteEngine on
RewriteCond %{REMOTE_HOST} !^123\.45\.67\.89
RewriteRule .* http://www.example.com/500.shtml [r=302,L]

This code says, "If the Remote Host's IP address is NOT 123.45.67.89, then for any resource requested, do a temporary external redirect to example.com, and stop rewriting for this current HTTP request."

It's likely that you want to remove the "!" from the IP address so that the rule is invoked if the IP *is* equal to 123.45.67.89, making it:


RewriteEngine on
RewriteCond %{REMOTE_HOST} ^123\.45\.67\.89$
RewriteRule .* http://www.example.com/500.shtml [R=302,L]

Be aware that many malicious user-agents won't follow an external redirect, so it may be best to simply give them a 403-Forbidden response:

RewriteEngine on
RewriteCond %{REMOTE_HOST} ^123\.45\.67\.89$
RewriteRule .* - [F]

If you want to use a custom 403 error page, you'll have to allow for that to avoid recursion:

RewriteEngine on
RewriteCond %{REMOTE_HOST} ^123\.45\.67\.89$
RewriteCond %{REQUEST_URI} !^/custom_403_page\.html$
RewriteRule .* - [F]

or equivalently:

RewriteEngine on
RewriteCond %{REMOTE_HOST} ^123\.45\.67\.89$
RewriteRule !^custom_403_page\.html$ - [F]

This allows the banned IP to fetch the 403 error page only.

Make sure your custom 403 page is short and concise to minimize bandwidth. If you need to provide more information (say, to help accidentally-banned visitors), then add a link to another page. Again, the malicious 'bots won't usually follow that link after receiving a 403 response.

Jim

jdMorgan

7:59 am on Nov 19, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



More...

It wasn't clear if you are redirecting to a file on your own domain or not. If the empty file is on your own server, then don't do a redirect at all... simply rewrite the requests to your empty file:


RewriteEngine on
RewriteCond %{REMOTE_HOST} ^123\.45\.67\.89$
RewriteRule .* /500.shtml [L]

Jim

Om108

4:50 pm on Nov 19, 2004 (gmt 0)

10+ Year Member



Thanks Jim!

Yes, I wanted to redirect them to an empty file on my server. Have a happy Thanksgiving.