On Wed, Jun 4, 2014 at 2:55 PM, MM <finjulhich@xxxxxxxxx> wrote:
> Hi,
>
> I run a personal https at home with no official certificate. The hostname I
> use is a dynamic dns hostname.
> Apache/2.4.9 OpenSSL/1.0.1e-fips PHP/5.5.12 SVN/1.8.8 mod_perl/2.0.9-dev
> Perl/v5.18.2
>
> On ssl_request I see a couple of entries like this:
>
> TLSv1 DHE-RSA-AES256-SHA "GET /vtigercrm/ HTTP/1.1" 287
> TLSv1 DHE-RSA-AES256-SHA "GET /vtigercrm/vtigerservice.php HTTP/1.1" 304
> TLSv1 DHE-RSA-AES256-SHA "GET /vtigercrm/graph.php?current_language=../../../../../../../..//etc/elastix.conf%00&module=Accounts&action HTTP/1.1" 296
> TLSv1 DHE-RSA-AES256-SHA "GET /vtigercrm/ HTTP/1.1" 287
>
> from undesired clients.
>
> Is there a way to limit the IPs of clients that http/https queries can come
> from?

Would this help?
http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow

There is also fail2ban. And you could set up your firewall to restrict which IPs can reach the server on the proper port.
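
The reply mentions fail2ban, which bans clients whose log lines match a pattern. As an added example (not code from the thread and not fail2ban's own filter), this script flags the traversal and null-byte request quoted in the question and groups hits by client. It assumes the stock `ssl_request_log` layout `%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b`; the timestamps and client addresses in the sample are constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Assumed layout: %t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b
LINE_RE = re.compile(
    r'^\[(?P<time>[^\]]+)\] (?P<host>\S+) (?P<proto>\S+) (?P<cipher>\S+) '
    r'"(?P<method>\S+) (?P<target>\S+)(?: (?P<version>[^"]*))?" (?P<size>\S+)$'
)

def probe_reasons(target):
    """Return the reasons a request target looks like a scanner probe."""
    decoded = unquote(unquote(target))  # undo single and double URL-encoding
    reasons = []
    # ".." as a whole path segment, at the start, after a separator or after "="
    if re.search(r'(^|[/\\=])\.\.([/\\]|$)', decoded):
        reasons.append("path traversal")
    if "\x00" in decoded:  # %00 used to truncate a file name
        reasons.append("null byte")
    return reasons

def offenders(lines, threshold=1):
    """Map client address -> number of flagged requests (>= threshold)."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and probe_reasons(m.group("target")):
            hits[m.group("host")] += 1
    return {host: n for host, n in hits.items() if n >= threshold}

# Constructed sample: request lines from the post, with made-up
# timestamps and documentation-range client addresses.
SAMPLE = [
    '[04/Jun/2014:14:01:10 +0100] 203.0.113.7 TLSv1 DHE-RSA-AES256-SHA '
    '"GET /vtigercrm/ HTTP/1.1" 287',
    '[04/Jun/2014:14:01:11 +0100] 203.0.113.7 TLSv1 DHE-RSA-AES256-SHA '
    '"GET /vtigercrm/graph.php?current_language=../../../../../../../..'
    '//etc/elastix.conf%00&module=Accounts&action HTTP/1.1" 296',
    '[04/Jun/2014:14:05:00 +0100] 198.51.100.20 TLSv1 DHE-RSA-AES256-SHA '
    '"GET /index.html HTTP/1.1" 1204',
]

if __name__ == "__main__":
    for host, count in offenders(SAMPLE).items():
        print(f"{host}: {count} flagged request(s)")
```

The resulting addresses can feed a firewall deny list, while the `Require ip` directive (the Apache 2.4 counterpart of the 2.2 `Allow` directive linked above) covers the allow-list side.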