LinuxQuestions.org


lawadm1 09-18-2004 07:38 PM

stopping specific ip's from accessing apache
 
Distr-> Fedora C2
Websvr-> Apache 2

I have an IP address that I notice continually trying to gain access to my apache web server, only to get the 404.

Is there a way I can block this address from getting to the web server, and filling my access_log with a bunch of crap?

Thanks,
Jeff

secesh 09-19-2004 01:22 AM

you can turn that 404 into a 403 (forbidden) by using the following in your httpd.conf file...:
<Directory /some/directory>
Order allow,deny
Allow from all
Deny from <ip-address>
</Directory>

but i think a better solution, since you have this known problem from a known
source would be to shut the bugger out from your firewall, or script something to
strip those entries from your log file before processing/viewing.

lawadm1 09-20-2004 12:06 PM

do you know if there is a way to stop a particular ip address from my router?

I have a Linksys wireless-g router (WRT54G)

If not, any ideas how to stop an ip address with my fedora firewall? I'm definitely not the ipchains or iptables expert.

Thanks,
Jeff

mikedeatworld 09-20-2004 12:12 PM

http://www.firewall-net.com/en/linux/index.php

mikedeatworld 09-20-2004 12:17 PM

http://llama.whoi.edu/linux/castle2k1/html/node30.html

dsegel 09-20-2004 12:33 PM

If you are in fact running iptables, you could do something like this:

Code:

/sbin/iptables -A INPUT -i eth0 -p tcp -s source.ip.here -j DROP

That tells it to add a new rule that DROPs any tcp packets coming from the ip source you specify. You'd have to put this in some startup script to have it in effect if you reboot.

Basic iptables usage isn't as difficult as it looks, and besides - aren't you running linux so you can learn more about it?

lawadm1 09-25-2004 09:15 AM

Thanks for the replies:

I've added the following, and yes, I did put the actual IP address in:

iptables -A INPUT -i eth0 -p tcp -s <IP address> -j DROP


I also added this to rc.local so that it will run when the server is rebooted.


The problem is, that I still see the IP address in the logs. Do I need to use it a different way since my router port forwards :80 to this server?

Thanks,
Jeff

lawadm1 09-26-2004 02:40 PM

Just an update...I figured out the problem. I had a chain that was ahead of my manual entry. Once I moved my manual entry above the chain I was golden.
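
Added example, not part of the thread or any poster's code: the fix in the last post comes down to rule order, so this script reads an `iptables -S INPUT` listing and reports whether a DROP rule for one address sits behind an earlier rule that can decide the packet first. The sample listings, the address 192.0.2.10 and the chain name RH-Firewall-1-INPUT are constructed assumptions; the thread does not name the chain.

```shell
#!/bin/sh
# Added example, not from the thread: find out whether a DROP rule for one
# source address in INPUT is pre-empted by an earlier rule.

# Constructed `iptables -S INPUT` listings. 192.0.2.10 is a documentation
# address; the chain name RH-Firewall-1-INPUT is an assumption.
APPENDED='-P INPUT ACCEPT
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -s 192.0.2.10/32 -i eth0 -p tcp -j DROP'

INSERTED='-P INPUT ACCEPT
-A INPUT -s 192.0.2.10/32 -i eth0 -p tcp -j DROP
-A INPUT -j RH-Firewall-1-INPUT'

# check_drop_order RULES IP
# Heuristic: any earlier rule that matches this source (or all sources) and
# jumps to ACCEPT or a user-defined chain may decide the packet first.
check_drop_order() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        $1 == "-A" && $2 == "INPUT" {
            n++; src = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            sub(/\/32$/, "", src)
            if (src == ip && tgt == "DROP") {
                found = 1
                if (blocker) print "SHADOWED by rule " blocker ": " blocker_text
                else print "EFFECTIVE at rule " n
                exit
            }
            if (!blocker && (src == "" || src == ip) && tgt != "" &&
                tgt !~ /^(DROP|REJECT|LOG|RETURN)$/) {
                blocker = n; blocker_text = $0
            }
        }
        END { if (!found) print "MISSING: no DROP rule for " ip }'
}

check_drop_order "$APPENDED" 192.0.2.10   # rule added with -A after the jump
check_drop_order "$INSERTED" 192.0.2.10   # rule placed first, e.g. iptables -I INPUT 1 ...
# Live host (root): check_drop_order "$(iptables -S INPUT)" 192.0.2.10
```

A SHADOWED result only flags a candidate: whether the earlier chain really accepts the traffic depends on its own rules, so inspect that chain before relying on the DROP.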


All times are GMT -5.