Blocking an IP server wide

Forum Moderators: phranque

Message Too Old, No Replies

Blocking an IP server wide

it's one of the AboutUS type sites

walkman

3:34 pm on Jan 22, 2008 (gmt 0)

I would rather block an IP from accessing ALL my sites. I know how to do it on each site but it would take me a long time. Any suggestions for a quick server wide ban (ideally within apache)?

Thanks,

lammert

4:51 pm on Jan 22, 2008 (gmt 0)

If you are running on Linux, you can use the Linux firewall iptables. The command you can use is:

iptables -A INPUT -s aaa.bbb.ccc.ddd -j DROP

This ignores all requests from the IP address aaa.bbb.ccc.ddd

walkman

8:08 pm on Jan 22, 2008 (gmt 0)

lammert,
I have sworn off using them as I am scared of blocking half the world with the wrong command :)

It cannot be done apache wise, on the main httpd.conf?

jdMorgan

10:31 pm on Jan 22, 2008 (gmt 0)

It can be done using "SetEnvIf" plus a "Deny from env=" (mod_access) directive, or you can use mod_rewrite's RewriteCond and RewriteRule directives.

Jim

walkman

11:02 pm on Jan 22, 2008 (gmt 0)

thanks jd, and that can be put in the top area of http.conf, right? I mean not site specific..

phranque

5:11 am on Jan 23, 2008 (gmt 0)

the Deny directive is only available in directory and .htaccess contexts but mod_rewrite's RewriteCond and RewriteRule directives are available in server config context.

jdMorgan

1:47 pm on Jan 23, 2008 (gmt 0)

That is to say, if Deny is used in httpd.conf, it must be used within a <Directory> container.

Jim

phranque

1:58 pm on Jan 23, 2008 (gmt 0)

precisely - that being apache context [httpd.apache.org] rather than a strict dictionary definition.