LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   How do use htaccess to trigger an error 403 when a url contaiins a direction code? (https://www.linuxquestions.org/questions/linux-server-73/how-do-use-htaccess-to-trigger-an-error-403-when-a-url-contaiins-a-direction-code-647496/)

Usalabs 06-06-2008 03:51 PM
How do use htaccess to trigger an error 403 when a url contaiins a direction code?
 
ok, here's my dilemma, I have users that are trying to flood the registration system of my home based server powered website, even though I have the site security to use captcha and email validation, my admin section shows at least 100 users that have tried to signup using fake email addresses, all ending in .cn, the ip addresses slightly differ but all begin with 74.55 or 74.52, an ip check showed they all originated from an ISP in Dallas Texas, I contacted them and got exactly the same reply, as wth other people that I know, who have also contacted them, "We are aware of the problem and are looking into it.", which indicates the reply is an auto responder,,,,,anyway, getting back to the question.

My registration link uses:
Code:
index.php?act=REG&CODE=00
I use htaccess on another site to block the IP address block of the ISP from accessessing signup.php, thus triggering a 403 error, and apache then directs to a custom error page, this works perfectly, but how to I use htaccess to do the same, but trigger an error 403 on the above code?

trickykid 06-06-2008 03:57 PM
Just drop them with an iptables rule, that's what I do. If they're spam bots and if they're smart spam bots, when they can't connect for a few hours or days/weeks, they'll stop trying to flood your site. Instead of them still flooding your webserver, using resources, a simple -DROP from iptables saves you some resources instead of relying on apache to do it for you, still taking away such resources from apache.

Usalabs 06-06-2008 04:07 PM
Quote:
Originally Posted by trickykid (Post 3177004)
Just drop them with an iptables rule, that's what I do. If they're spam bots and if they're smart spam bots, when they can't connect for a few hours or days/weeks, they'll stop trying to flood your site. Instead of them still flooding your webserver, using resources, a simple -DROP from iptables saves you some resources instead of relying on apache to do it for you, still taking away such resources from apache.
mmmmmmm, I do have the ability to install shorewall, but currently it's not installed, but I do use a hardware firewall, but adding the line:-

Code:
iptables -A INPUT -s xx.xx.0.0/14 -j DROP
adds it after last rule of a list:-

rule 1
rule 2
etc etc
DROP all -- anywhere anywhere
DROP all -- xx.xx.0.0/14 anywhere

but if I remove the drop all anywhere rule then add the IP block range rule, then add the drop anywhere rule as the last rule, all access to the server, including my access via ssh, is blocked.

Is there a way to 'insert' the rule before the last rule in the list without removing it?

I know I can use the -I option but I have to use an integer value, but when I try to use -I4 or -I 4, I get an error, plus, I can't find anywhere, to find examples of how each option is used.


All times are GMT -5. The time now is 06:56 PM.