httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hans-Georg Scherneck <>
Subject Re: [users@httpd] Denying access for a complicated bugger address
Date Tue, 30 Sep 2014 18:26:03 GMT
Rainer M. Canavan wrote:
> On Sep 30, 2014, at 19:16 , Hans-Georg Scherneck <> wrote:
>> My site is bombarded by POST requests from a site identifying itself like
>> A "deny from" instruction with a string trying to match this in .htaccess does not
appear to work (though other abusers with simple IP's I can get barred this way).
> You don't say where that sites identifies itself in such a manner. You should
> not enable reverse lookups (i.e. HostnameLookups should be Off, possibly some
> other settings), then the first column in your access.log should always be
> the actual originating IP address of that request.  If they are real spammers,
> they have a botnet with lots of IPs in nearly as many locations and subnets.
> rainer
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:
> Blocking from apache:
> <Location />
>     Order Allow,Deny
>     Deny from <INSERT IP TO BLOCK HERE>
> </Location>
> You can block it at the network stack level too, this way apache does not even see the
request, ex 
> on linux using iptables.
> bye,
> Frederik 

I'm trying with <Location /> now.

HostnameLookups Off

has always been set.
My reply to Richard a minute ago included some incriminating access.log lines. Ever seen an
like this before?

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message