On 12/09/16 12:03, Rainer Canavan wrote:

Thanks for noticing! Of course all other directives are supposed to be within virtualhosts, but worth changing just to be extra sure. In this case you'll have to create a separate default deny configuration for each IP address, right? I don't think _denying_ something can _increase_ attack surface. But since there's seemingly demand for this kind of configuration, it'd be nice if the community helped make it better and more secure. What extra steps do you think one should take to securely deny (and subsequently ban) clients (mostly bots) that do not even know the domain name they are accessing?
--
With Best Regards, Marat Khalili