LinuxQuestions.org
Review your favorite Linux distribution.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
Reload this Page stopping specific ip's from accessing apache
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 09-18-2004, 07:38 PM   #1
lawadm1
Member
 
Registered: Jul 2003
Location: Illinois
Distribution: Fedora 11, Ubuntu 9.04
Posts: 80

Rep: Reputation: 15
Question stopping specific ip's from accessing apache

Distr-> Fedora C2
Websvr-> Apache 2

I have an IP address that I notice continually trying to gain access to my apache web server, only to get the 404.

Is there a way I can block this address from getting to the web server, and filling my access_log with a bunch of crap?

Thanks,
Jeff
 
Old 09-19-2004, 01:22 AM   #2
secesh
Senior Member
 
Registered: Sep 2004
Location: Savannah, GA
Distribution: Ubuntu, Gentoo, Mythbuntu, ClarkConnect
Posts: 1,154

Rep: Reputation: 47
you can turn that 404 into a 403 (forbidden) by using the follow in your httpd.conf file...:
<directory /some/directory>
Order allow,deny
Allow from all
Deny from <ip-adderss>
</directory>

but i think a better solution, since you have this known problem from a known
source would be to shut the bugger out from your firewall, or script something to
strip those entries from your log file before processing/viewing.
 
Old 09-20-2004, 12:06 PM   #3
lawadm1
Member
 
Registered: Jul 2003
Location: Illinois
Distribution: Fedora 11, Ubuntu 9.04
Posts: 80

Original Poster
Rep: Reputation: 15
do you know if there is a way to stop a particular ip address from my router?

I have a Linksys wireless-g router (WRT54G)

If not, any ideas how to stop an ip address with my fedora firewall? I'm defiantely not the ipchains or iptables expert.

Thanks,
Jeff
 
Old 09-20-2004, 12:12 PM   #4
mikedeatworld
Member
 
Registered: Nov 2003
Location: Farmington Michigan
Distribution: UBUNTU - Slackware - SuSE 9.1 - Knoppix - Fedora
Posts: 828

Rep: Reputation: 30
http://www.firewall-net.com/en/linux/index.php
 
Old 09-20-2004, 12:17 PM   #5
mikedeatworld
Member
 
Registered: Nov 2003
Location: Farmington Michigan
Distribution: UBUNTU - Slackware - SuSE 9.1 - Knoppix - Fedora
Posts: 828

Rep: Reputation: 30
http://llama.whoi.edu/linux/castle2k1/html/node30.html
 
Old 09-20-2004, 12:33 PM   #6
dsegel
Member
 
Registered: Aug 2004
Location: Davis, California
Distribution: Gentoo, always Gentoo.
Posts: 159

Rep: Reputation: 30
If you are in fact running iptables, you could do something like this:

Code:
/sbin/iptables -A INPUT -i eth0 -p tcp -s source.ip.here -j DROP
That tells it to add a new rule in that DROPs any tcp packets coming from the ip source you specify. You'd have to put this in some startup script to have it in effect if you reboot.

Basic iptables usage isn't as difficult as it looks, and besides - aren't you running linux so you can learn more about it?
Last edited by dsegel; 09-20-2004 at 12:38 PM.
 
Old 09-25-2004, 09:15 AM   #7
lawadm1
Member
 
Registered: Jul 2003
Location: Illinois
Distribution: Fedora 11, Ubuntu 9.04
Posts: 80

Original Poster
Rep: Reputation: 15
Thanks for the replies:

I've added the following, and yes, I did put the actual IP address in:

iptables -A INPUT -i eth0 -p tcp -s <IP address> -j DROP


I also added this to rc.local so that it will run when the server is rebooted.


The problem is, that I still see the IP address in the logs. Do I need to use it a different way since my router port forwards :80 to this server?

Thanks,
Jeff
 
Old 09-26-2004, 02:40 PM   #8
lawadm1
Member
 
Registered: Jul 2003
Location: Illinois
Distribution: Fedora 11, Ubuntu 9.04
Posts: 80

Original Poster
Rep: Reputation: 15
Just an update...I figured out the problem. I had a chain that was ahead of my manual entry. Once I moved my manual entry above the chain I was golden.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
What VPN client under debian is stopping me from accessing the internet? shodekiagari Linux - Networking 5 01-07-2005 07:52 PM
Allow SSH from specific IP's ONLY. m15a4 Linux - Security 3 12-29-2003 04:02 AM
Need program to find specific IP's from a list cjdock Programming 20 12-17-2003 09:08 AM
Allow only specific IP's to log to FTP server ganninu Linux - Security 5 12-11-2003 07:26 AM
Apache and Dynamic IP's ranixlb Linux - Networking 3 05-24-2002 01:15 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 01:03 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration