On 3/13/2015 7:54 PM, el kalin wrote:
On Fri, Mar 13, 2015 at 7:36 PM, Jim Albert <jim@xxxxxxxxxxxxx<mailto:jim@xxxxxxxxxxxxx>> wrote:
On 3/13/2015 7:17 PM, el kalin wrote:
if i have this in the
<Directory "/server/doc/root">
Order allow,deny
Allow from all
deny from 111.10.250.188
</Directory>
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.inovapo
ESTABLISHED
this is growing with every netstat i do. any ideas???
thanks…
I believe your Order allow, deny is correct.
i believe so too...
You are controlling what can be served by Apache, but not the actual
network connection to your Apache server, hence the continued
entries in your connection table. I would assume your Apache error
log is spewing lots of access denied or such errors indicating your
deny is working.
If you really want to keep a given an IP address completely out of
Apache, block it in iptables or better yet the firewall behind which
your Apache server sits, but iptables will do it.
i'm aware. the problem is that this is an netbsd ec2 (amazon instance)
and the only "firewall" right now is the security groups that service
offers. those are not meant to block individual ips. they are rather all
exclusive. so my only other option was pf. which i'm used to but it
appears that the whole dynamic kernel module loading is screwed up
because of the kernel build to fit xen… and so on…
iptables?
--
Jim Albert
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx