Blocking 127.0.0.1 localhost in .htaccess

Forum Moderators: phranque

Message Too Old, No Replies

Blocking 127.0.0.1 localhost in .htaccess

Any risks?

geekay

7:59 pm on Dec 20, 2020 (gmt 0)

I was fed up with a lot of hits "from" "127.0.0.1" in the access logs so I added that IP (RewriteCond %{REMOTE_ADDR} ^127\.0\.0\.1$ [OR]) to the list of blocked IP ranges in my .htaccess. Virtually all of the faked requests were for page files and with a large variety of user agents and no referrer.

What could be the purpose of requesting files with an obviously faked IP that cannot get anything back from me although the requests are served a 200 response?

Is there a risk of my site or the server running into some problems if I block localhost in that manner?

robzilla

8:46 pm on Dec 20, 2020 (gmt 0)

How were they "faked"? I can't connect to your web server and pretend to be localhost, as far as I'm aware.

More likely, these requests are being proxied through a local service, and the service's IP address shows up in the access log.

phranque

11:39 pm on Dec 20, 2020 (gmt 0)

you can falsify the source IP address in an IP packet.
the response would go to the falsified IP address, so it doesn't help the intruder collect information but it is useful for denial of service attacks.
typically (or preferably/hopefully) the incoming packets should be filtered so that external packets with internal source addresses don't get through.

geekay

8:20 pm on Dec 21, 2020 (gmt 0)

typically (or preferably/hopefully) the incoming packets should be filtered so that external packets with internal source addresses don't get through.

Will

RewriteCond %{REMOTE_ADDR} ^127\.0\.0\.1$ [OR]

(plus the rule) in the .htaccess file be a working solution?

phranque

10:11 pm on Dec 21, 2020 (gmt 0)

Will
RewriteCond %{REMOTE_ADDR} ^127\.0\.0\.1$ [OR]
(plus the rule) in the .htaccess file be a working solution?

this will prevent you from accessing the web site locally, if that's an issue.

the incoming packets should be filtered so that external packets with internal source addresses don't get through

i am referring to network infrastructure here (such as a firewall), not your web server.

robzilla

8:48 am on Dec 22, 2020 (gmt 0)

the incoming packets should be filtered so that external packets with internal source addresses don't get through

Wouldn't that prevent these requests from appearing in the web server's access log?

phranque

8:58 am on Dec 22, 2020 (gmt 0)

Wouldn't that prevent these requests from appearing in the web server's access log?

that's why a said "should be".
it obviously isn't being filtered by the network or those packets would never get reassembled to form a web request.