Re: How to prevent apache proxy abuse?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

You could use mod_rewrite/.htaccess to block these hosts.  If you have access, however, I'd suggest adding them to the DocumentRoot in your httpd.conf.  This is especially helpful if you are serving multiple sites from a single server using vhosts.  Adding them to the httpd.conf will allow you to block access across the board to all sites that fall under the DocumentRoot.

In httpd.conf, using the hosts from your log:
<Directory "/your/document/root">
    Order allow,deny
    Allow from all
    Deny from fcmat.org
    Deny from 204.184.43.252
</Directory>

Hope that helps.

Rich

On Fri, Jul 18, 2008 at 1:21 PM, Ali Nebi <anebi@xxxxxxxxxxxx> wrote:
Thanks for the reply.

I use shorewall firewall. I will try to configure it to drop these hosts.
Is there some way to deny these accesses with rewriterule?

If yes how it should looks like?


Quoting Rich Schumacher <rich.schu@xxxxxxxxx>:

If you are seeing nothing but abuse from these hosts your best bet would be
to block these at the router/firewall level.  If you don't have access to
that, use iptables on the web server to silenty drop any connections from
them.

On Fri, Jul 18, 2008 at 12:08 PM, Ali Nebi <anebi@xxxxxxxxxxxx> wrote:

Hi,

i would like to ak how can i block these attempts?

fcmat_ex.nw1.fcmat.org - - [18/Jul/2008:09:51:30 -0500] "POST
http://lti-mail01.ltinetworks.com:25/ HTTP/1.0" 302 313 "-" "-"
fcmat_ex.nw1.fcmat.org - - [18/Jul/2008:09:51:30 -0500] "GET
http://www.microsoft.com/ HTTP/1.0" 302 304 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; Windows NT 5
.1; SV1; .NET CLR 1.1.4322)"
fcmat_ex.nw1.fcmat.org - - [18/Jul/2008:09:51:32 -0500] "CONNECT
http://lti-mail01.ltinetworks.com:25 HTTP/1.0" 400 319 "-" "-"
204.184.43.252 - - [18/Jul/2008:13:05:41 -0500] "GET
http://www.microsoft.com/ HTTP/1.0" 302 304 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; Windows NT 5.1; SV1;
 .NET CLR 1.1.4322)"
204.184.43.252 - - [18/Jul/2008:13:05:41 -0500] "POST
http://lti-mail01.ltinetworks.com:25/ HTTP/1.0" 302 313 "-" "-"
204.184.43.252 - - [18/Jul/2008:13:05:43 -0500] "CONNECT
http://lti-mail01.ltinetworks.com:25 HTTP/1.0" 400 319 "-" "-"


I don't use proxy and it is disabled, but i still get these connections in
access_log. After this, this server is blacklisted from XBL and CBL list
like spammer.

Please help me to solve this problem. What can i do to block and to prevent
this kind of accesses?

Thanks in advanced!

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
 "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx






----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux