Java Mailing List Archive

http://www.apache-httpd.com/

Home » users.httpd »

Re: [users@httpd] How to prevent apache proxy abuse?

Ali Nebi

2008-07-18

Replies: Find Java Web Hosting

Author LoginPost Reply
Thanks for the reply.

I use shorewall firewall. I will try to configure it to drop these hosts.
Is there some way to deny these accesses with rewriterule?

If yes how it should looks like?

Quoting Rich Schumacher <rich.schu@(protected)>:

> If you are seeing nothing but abuse from these hosts your best bet would be
> to block these at the router/firewall level. If you don't have access to
> that, use iptables on the web server to silenty drop any connections from
> them.
>
> On Fri, Jul 18, 2008 at 12:08 PM, Ali Nebi <anebi@(protected):
>
>> Hi,
>>
>> i would like to ak how can i block these attempts?
>>
>> fcmat_ex.nw1.fcmat.org - - [18/Jul/2008:09:51:30 -0500] "POST
>> http://lti-mail01.ltinetworks.com:25/ HTTP/1.0" 302 313 "-" "-"
>> fcmat_ex.nw1.fcmat.org - - [18/Jul/2008:09:51:30 -0500] "GET
>> http://www.microsoft.com/ HTTP/1.0" 302 304 "-" "Mozilla/4.0 (compatible;
>> MSIE 6.0; Windows NT 5
>> .1; SV1; .NET CLR 1.1.4322)"
>> fcmat_ex.nw1.fcmat.org - - [18/Jul/2008:09:51:32 -0500] "CONNECT
>> http://lti-mail01.ltinetworks.com:25 HTTP/1.0" 400 319 "-" "-"
>> 204.184.43.252 - - [18/Jul/2008:13:05:41 -0500] "GET
>> http://www.microsoft.com/ HTTP/1.0" 302 304 "-" "Mozilla/4.0 (compatible;
>> MSIE 6.0; Windows NT 5.1; SV1;
>> .NET CLR 1.1.4322)"
>> 204.184.43.252 - - [18/Jul/2008:13:05:41 -0500] "POST
>> http://lti-mail01.ltinetworks.com:25/ HTTP/1.0" 302 313 "-" "-"
>> 204.184.43.252 - - [18/Jul/2008:13:05:43 -0500] "CONNECT
>> http://lti-mail01.ltinetworks.com:25 HTTP/1.0" 400 319 "-" "-"
>>
>>
>> I don't use proxy and it is disabled, but i still get these connections in
>> access_log. After this, this server is blacklisted from XBL and CBL list
>> like spammer.
>>
>> Please help me to solve this problem. What can i do to block and to prevent
>> this kind of accesses?
>>
>> Thanks in advanced!
>>
>> ----------------------------------------------------------------
>> This message was sent using IMP, the Internet Messaging Program.
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@(protected)
>> "  from the digest: users-digest-unsubscribe@(protected)
>> For additional commands, e-mail: users-help@(protected)
>>
>>
>



----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@(protected)
 "  from the digest: users-digest-unsubscribe@(protected)
For additional commands, e-mail: users-help@(protected)

©2008 apache-httpd.com - Jax Systems, LLC, U.S.A.