You need to use <Location > directive to block ip's from Apache (which is being served by jboss) You will also need to restart Apache everytime you add modify any ACL -----Original Message----- From: André Warnier [mailto:aw@xxxxxxxxxx] Sent: Thursday, June 05, 2008 12:56 AM To: users@xxxxxxxxxxxxxxxx Subject: Re: Block IP Mohit Anchlia wrote: > Few questions: > > 1. We have a webserver and we use mod_jk to redirect request to a servlet to > our App server. Given this situation where file on the web server doesn't > get accessed how can I block the IP at web server. Only option that I know > of is RewriteCond. Is that what's advisable. Just a naïve question : if you are not using the webserver itself (presumably Apache), and just use it to redirect all requests (via mod_jk) to your App server (presumably Tomcat or a derivative), then why do you have the webserver at all ? Why not eliminate the webserver and mod_jk, have your Appserver listen directly on port 80, and cut out the complication and overhead ? You can block/allow IP's at the Tomcat level too. See : http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html > > 2. Another question I had was sometimes we don't get real physical IP of the > machine but the IP of something that's in between like "router", is there a > way to get the real IP so that we don't end up blocking people coming from > that "router" or "proxy" In my opinion, you cannot. The whole point of such routers and proxies is to make the requests look like they are coming from the router/proxy, so that is the sender IP address you are seeing at your server level, and that's it. Your server never receives the original requester IP address. > > 3. Do I need to start the web server everytime new RewriteRule is added ? > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx