On Wed, 29 May 2013, m.roth@xxxxxxxxx wrote:
> Max Pyziur wrote:
>>
>> Greetings,
>>
>> It seems that I've hit a size limitation when adding unwanted IPs to a
>> "Deny From" line.
>>
>> Is there any place where this is specified?
>>
>> Also, if I hit the max length on a "Deny From" line, can I add another
>> "Deny From" line?
>>
>> (Running CentOS 6, and the following version of Apache:
>> httpd-2.2.15-28.el6.centos.x86_64)
>
> Have you considered running fail2ban, and banning them using iptables?
I've considered that.
But I'm tied to my (little?/not-so-little?) home-grown system of mining
threatening IPs from BL sites (spam, sshd, forumspam), running them
through an sql database, and outputing /etc/hosts.deny files to block via tcp
wrappers, and now starting to output "Deny from" lines to place in
.htaccess files. "Deny From" lines longer than somewhere around 8000
characters seem to be the limit; I was curious if there was a specified
limit somewhere, and whether or not I could put multiple Deny From lines?
WHile fail2ban looks good, the little that I've tried it, I like keeping
the firewall iptables neat, and doing the blocking as I have described
above (maybe it's familiarity trumping fail2ban; maybe it's that fail2ban
has a bit of a learning curve ...)
> mark
>
Much thanks for the advice.
Max Pyziur
pyz@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
