LinuxQuestions.org


andy1974 06-17-2007 08:06 PM

Blocking ips from access
 
Hello all, I am in need of help... I am needing to block certain IP addresses from accessing my web server. How do I block the IP? Also, I want to block Google bot as well.

blackhole54 06-18-2007 01:55 AM

Blocking IP addresses is easy. You might want to read up (howto, man page etc.) on iptables so you generally understand what is going on, but basically the rules you want to add (one per IP address) would look like one of the following:

Code:

iptables -A INPUT -s <IP address> -j DROP
iptables -I INPUT <rule number> -s <IP address> -j DROP

They both drop packets coming from <IP address>. The first appends the rule to the end of the INPUT rules, and would be useful if you are using a script to set up your firewall. The second form inserts the rule at <rule number>, and is useful in adding a rule to an already running firewall.

But do read up some first -- it does matter where you put these rules wrt the rest of the firewall rules.

I've never run a web server, but I thought you asked web crawlers such as Google's to stay out with a robots file. Other than that, the only thing I would know to do would be to block the IP addresses at the firewall ... if you can find out the IP addresses.

archtoad6 06-18-2007 07:49 AM

Do you have a separate firewall?

Is your web server in a DMZ?

For instance, if I wanted a web server in a DMZ, my SmoothWall Express box could add those blocking rules through its web interface.

dkm999 06-18-2007 01:41 PM

To expand on blackhole54's reply, if your web server is on the same machine as your firewall, you should insert the iptables rule in the INPUT chain; if your firewall is on some other machine between the web server and the Internet, insert the blocking rule in the FORWARD chain.

It is also correct to note that all you can do wrt the Google robots is to ask them to leave your server alone. Most web crawlers will do this, but not all. To complicate things considerably, most of the big crawlers operate from many IP addresses, and share info among themselves, so the IP address that looks at the robots.txt file may not be the same one that actually sends a query to your server. More info than you probably want to know can be found at the robots.txt FAQ.
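
The two points made in the replies above (rule position matters, and the chain depends on where the firewall sits) can be combined into one blocklist script. This is an added example, not part of any post in this thread; the role names `host` and `gateway`, the function names and the sample addresses are assumptions made for illustration, and inserting at position 1 assumes nothing earlier in the chain should take precedence over the block.

```sh
#!/bin/sh
# Added example, not from the thread. DRY_RUN=1 (default) only prints commands.
DRY_RUN=${DRY_RUN:-1}

# host    = firewall and web server on the same machine -> INPUT chain
# gateway = firewall sits between server and Internet   -> FORWARD chain
chain_for() {
    case "$1" in
        host)    echo INPUT ;;
        gateway) echo FORWARD ;;
        *)       return 1 ;;
    esac
}

# Accept only dotted-quad IPv4 with every octet in 0-255.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# usage: block_ips host|gateway < blocklist   (one address per line, # = comment)
block_ips() {
    chain=$(chain_for "$1") || { echo "role must be host or gateway" >&2; return 2; }
    while read -r ip rest; do
        case "$ip" in ''|'#'*) continue ;; esac
        if ! valid_ipv4 "$ip"; then
            echo "skipping invalid entry: $ip" >&2
            continue
        fi
        if [ "$DRY_RUN" = 1 ]; then
            # Position 1 puts the DROP ahead of any existing ACCEPT rule.
            echo "iptables -I $chain 1 -s $ip -j DROP"
        elif ! iptables -C "$chain" -s "$ip" -j DROP 2>/dev/null; then
            # -C checks for an identical rule, so re-runs add no duplicates.
            iptables -I "$chain" 1 -s "$ip" -j DROP
        fi
    done
}

# Constructed sample blocklist (documentation address ranges, one bad entry).
block_ips host <<'EOF'
# repeat offenders
192.0.2.10
198.51.100.7
300.1.1.1
EOF
```

Run with `DRY_RUN=0` as root to apply the rules instead of printing them.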

archtoad6 06-26-2007 01:14 PM

Well, what did you do, how did it work out?

andy1974 06-27-2007 06:21 AM

thanks
 
Well... I learned how to set up the IP filter... also I learned about the Google bot and how it works. Also learned how to modify and use robots.txt. So all in all I am pretty satisfied. I had several emails from members of this forum, so I wanted to thank everyone for their help.


All times are GMT -5.