RE: Block IP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



You need to use <Location > directive to block ip's from Apache (which is
being served by jboss) 

You will also need to restart Apache everytime you add modify any ACL 
 
-----Original Message-----
From: André Warnier [mailto:aw@xxxxxxxxxx] 
Sent: Thursday, June 05, 2008 12:56 AM
To: users@xxxxxxxxxxxxxxxx
Subject: Re:  Block IP



Mohit Anchlia wrote:
> Few questions:
> 
> 1. We have a webserver and we use mod_jk to redirect request to a servlet
to
> our App server. Given this situation where file on the web server doesn't
> get accessed how can I block the IP at web server. Only option that I know
> of is RewriteCond. Is that what's advisable.

Just a naïve question : if you are not using the webserver itself 
(presumably Apache), and just use it to redirect all requests (via 
mod_jk) to your App server (presumably Tomcat or a derivative), then why 
do you have the webserver at all ?  Why not eliminate the webserver and 
mod_jk, have your Appserver listen directly on port 80, and cut out the 
complication and overhead ?
You can block/allow IP's at the Tomcat level too.
See : http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html

> 
> 2. Another question I had was sometimes we don't get real physical IP of
the
> machine but the IP of something that's in between like "router", is there
a
> way to get the real IP so that we don't end up blocking people coming from
> that "router" or "proxy"

In my opinion, you cannot.  The whole point of such routers and proxies 
is to make the requests look like they are coming from the router/proxy, 
so that is the sender IP address you are seeing at your server level, 
and that's it.  Your server never receives the original requester IP 
address.

> 
> 3. Do I need to start the web server everytime new RewriteRule is added ?
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx






---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux