Ive read that you can add a line that denies a certain ip or multiple ips.


# Note:
#
# The file that is included below is generated by SuSEconfig.
#
# In this file, SuSEconfig puts Include statements it finds
# in /etc/apache2/modules/* (lines with "File:..." or "Include:...").
# If such a module file also contains a "Variable:..." statement, the settings
# in /etc/sysconfig/apache2 will be honored.
#
# In addition, any files listed in the APACHE_CONF_INCLUDE_FILES variable
# in /etc/sysconfig/apache2 will be included here by SuSEconfig.
# This allows you to add e.g. VirtualHost statements without touching
# /etc/apache2/httpd.conf itself, which usually makes upgrading a lot easier.

Include /etc/apache2/suse_include.conf

NameVirtualHost 192.168.2.27

<VirtualHost 192.168.2.27>
ServerName www.balh.com
DocumentRoot /srv/www/htdocs/blah/
ServerAlias blah
DirectoryIndex index.php index.html index.htm index.shtml
</VirtualHost>

<VirtualHost 192.168.2.27>
ServerName blah.com
DocumentRoot /srv/www/htdocs/bigtymers/
ServerAlias bigtymers.com
DirectoryIndex index.php INDEX3.html index3.htm index.shtml
</VirtualHost>


Can i just add the line of code ANY where i want? Does it have to be in a certain part of the config file? What exactly is the line of code that blocks 1 ip? Whats the code to block MULTIPLE ips??

Why do i want to block?

66.58.30.234 - - [03/Mar/2003:17:04:52 -0800] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 214
66.58.30.234 - - [03/Mar/2003:17:04:52 -0800] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 212
66.58.30.234 - - [03/Mar/2003:17:04:52 -0800] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 222
66.58.30.234 - - [03/Mar/2003:17:04:52 -0800] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 222
66.58.30.234 - - [03/Mar/2003:17:04:53 -0800] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 236
66.58.30.234 - - [03/Mar/2003:17:04:53 -0800] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 253
66.58.30.234 - - [03/Mar/2003:17:04:53 -0800] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 253
66.58.30.234 - - [03/Mar/2003:17:04:53 -0800] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 269
66.58.30.234 - - [03/Mar/2003:17:04:54 -0800] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 235
66.58.30.234 - - [03/Mar/2003:17:04:54 -0800] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 235
66.58.30.234 - - [03/Mar/2003:17:04:54 -0800] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 235
66.58.30.234 - - [03/Mar/2003:17:04:54 -0800] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 235
66.58.30.234 - - [03/Mar/2003:17:04:54 -0800] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 226
66.58.30.234 - - [03/Mar/2003:17:04:55 -0800] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 226
66.58.30.234 - - [03/Mar/2003:17:04:55 -0800] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 236


AND

66.7.129.108 - - [04/Mar/2003:07:28:46 -0800] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 214
66.7.129.108 - - [04/Mar/2003:07:28:46 -0800] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 212
66.7.129.108 - - [04/Mar/2003:07:28:46 -0800] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 222
66.7.129.108 - - [04/Mar/2003:07:28:47 -0800] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 222
66.7.129.108 - - [04/Mar/2003:07:28:47 -0800] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 236
66.7.129.108 - - [04/Mar/2003:07:28:47 -0800] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 253
66.7.129.108 - - [04/Mar/2003:07:28:47 -0800] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 253
66.7.129.108 - - [04/Mar/2003:07:28:48 -0800] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 269
66.7.129.108 - - [04/Mar/2003:07:28:48 -0800] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 235
66.7.129.108 - - [04/Mar/2003:07:28:48 -0800] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 235
66.7.129.108 - - [04/Mar/2003:07:28:48 -0800] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 235
66.7.129.108 - - [04/Mar/2003:07:28:48 -0800] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 235
66.7.129.108 - - [04/Mar/2003:07:28:49 -0800] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 226

AND

66.58.30.235 - - [04/Mar/2003:10:34:22 -0800] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 212
66.58.30.235 - - [04/Mar/2003:10:34:22 -0800] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 222
66.58.30.235 - - [04/Mar/2003:10:34:22 -0800] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 222
66.58.30.235 - - [04/Mar/2003:10:34:22 -0800] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 236
66.58.30.235 - - [04/Mar/2003:10:34:22 -0800] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 253
66.58.30.235 - - [04/Mar/2003:10:34:23 -0800] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 253
66.58.30.235 - - [04/Mar/2003:10:34:23 -0800] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 269
66.58.30.235 - - [04/Mar/2003:10:34:23 -0800] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 235
66.58.30.235 - - [04/Mar/2003:10:34:23 -0800] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 235
66.58.30.235 - - [04/Mar/2003:10:34:24 -0800] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 235
66.58.30.235 - - [04/Mar/2003:10:34:24 -0800] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 235
66.58.30.235 - - [04/Mar/2003:10:34:24 -0800] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 226
66.58.30.235 - - [04/Mar/2003:10:34:24 -0800] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 226
66.58.30.235 - - [04/Mar/2003:10:34:24 -0800] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 236
66.58.30.235 - - [04/Mar/2003:10:34:25 -0800] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 236



Thank you.

Ps: im using Apache 2

I don't remember how in apache, and I don't have access to my server to look at the moment, but you should be able to add it to /etc/hosts.deny

man hosts to get the syntax, but I think it's

httpd denied ip, denied domain, denied user, ...etc

No not there. The one im talking about is "deny "ip" "

M yquestion is how i would do it for multiple ips and WHERE in the config file i should put the code.

Some one has to know...come on.

u can try webmin

http://www.webmin.com/

under server tab, u can configure servers with html form input
don't need to hassle with configure file

Why not kill it at your firewall? If you're using iptables adding a line like

iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP

ought to kill it nicely.

As stikboy said, you can deny certain ips access through the /etc/hosts.deny file. The syntax is:

httpd: 66.7.129.108, 66.58.30.235, etc.

Why don't you want to do it this way?

As Hangdog42 said denying access through iptables is also a good idea as well.

Besides the machine, what would one restart after making changes to hosts.deny to make them take effect? Apache? kill -HUP inetd? Or what?

Cool

Well I know in redhat tcpwrappers are part of xinetd so to make the changes to hosts.deny you would have to restart xinetd.

Cool, thanks, looks like it worked just fine.