httpd-users mailing list archives

From Frederik Nosi <>
Subject Re: [users@httpd] Denying access for a complicated bugger address
Date Tue, 30 Sep 2014 18:38:06 GMT
Hi Hans-Georg,

On 09/30/2014 08:26 PM, Hans-Georg Scherneck wrote:
> Rainer M. Canavan wrote:
>> On Sep 30, 2014, at 19:16 , Hans-Georg Scherneck <> wrote:
>>> My site is bombarded by POST requests from a site identifying itself
>>> like
>>> A "deny from" instruction with a string trying to match this in
>>> .htaccess does not appear to work (though other abusers with simple
>>> IP's I can get barred this way).
>> You don't say where that site identifies itself in such a manner.
>> You should not enable reverse lookups (i.e. HostnameLookups should be
>> Off, possibly some other settings), then the first column in your
>> access.log should always be the actual originating IP address of that
>> request.  If they are real spammers, they have a botnet with lots of
>> IPs in nearly as many locations and subnets.
>> rainer
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail:
>> For additional commands, e-mail:
>> Blocking from apache:
>> <Location />
>>     Order Allow,Deny
>>     # Order Allow,Deny denies by default, so everyone else must be allowed explicitly
>>     Allow from all
>>     Deny from <INSERT IP TO BLOCK HERE>
>> </Location>
>> You can block it at the network stack level too, this way apache does
>> not even see the request, e.g. on Linux using iptables.
>> bye,
>> Frederik 
> I'm trying with <Location /> now.
> HostnameLookups Off
> has always been set.
> My reply to Richard a minute ago included some incriminating 
> access.log lines. Ever seen an address like this before?
> /Hans-Georg

I've never received those mails.

But as Rainer said, I'm not sure that simple IP blacklisting is
effective in the real world though; it's easy to change IP.

Maybe you can add a captcha, require authentication for accessing the
form or some automatic blacklisting solution or rate limiting ex:

Another, more "disguised" option: using mod_rewrite, matching the IP
and then replying "200 ok" with a fake page or such.

As always you have to choose the solution that suits you most.
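
An added example, not part of the original message and not Apache httpd's own code: one way to do the "automatic blacklisting" mentioned above, by counting POSTs per client IP in access.log and emitting `Deny from` lines. It assumes a chronological common/combined-format log with HostnameLookups Off; the sample log lines, the thresholds and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed access.log lines (documentation address ranges), oldest first.
SAMPLE_LOG = """\
192.0.2.44 - - [30/Sep/2014:18:00:00 +0000] "POST /form.cgi HTTP/1.1" 200 512
198.51.100.7 - - [30/Sep/2014:18:00:01 +0000] "POST /form.cgi HTTP/1.1" 200 512
198.51.100.7 - - [30/Sep/2014:18:00:02 +0000] "POST /form.cgi HTTP/1.1" 200 512
203.0.113.5 - - [30/Sep/2014:18:00:02 +0000] "GET /index.html HTTP/1.1" 200 2048
198.51.100.7 - - [30/Sep/2014:18:00:03 +0000] "POST /form.cgi HTTP/1.1" 200 512
192.0.2.44 - - [30/Sep/2014:18:01:00 +0000] "POST /form.cgi HTTP/1.1" 200 512
192.0.2.44 - - [30/Sep/2014:18:02:00 +0000] "POST /form.cgi HTTP/1.1" 200 512
203.0.113.5 - - [30/Sep/2014:18:02:05 +0000] "POST /form.cgi HTTP/1.1" 200 512
"""

# client, timestamp and request method of a common/combined log line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) ')

def offenders(log_text, max_posts=2, window=timedelta(seconds=10)):
    """Client IPs that sent more than max_posts POSTs inside any one window."""
    recent = defaultdict(deque)   # ip -> timestamps of its recent POSTs
    flagged = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(3) != "POST":
            continue
        try:
            ip = str(ipaddress.ip_address(m.group(1)))
        except ValueError:
            continue  # column one is a hostname or junk: never write it to config
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:   # drop POSTs that fell out of the window
            q.popleft()
        if len(q) > max_posts:
            flagged.add(ip)
    return sorted(flagged)

def deny_block(ips):
    """Render the flagged IPs as the Apache 2.2-style block used in this thread."""
    rules = [f"    Deny from {ip}" for ip in ips]
    return "\n".join(["<Location />", "    Order Allow,Deny",
                      "    Allow from all", *rules, "</Location>"])

if __name__ == "__main__":
    print(deny_block(offenders(SAMPLE_LOG)))
```

Only 198.51.100.7 is flagged in the sample: 192.0.2.44 sends the same number of POSTs but spread over minutes, and 203.0.113.5 sends a single one.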

