Java Mailing List Archive

http://www.apache-httpd.com/

Home » users.httpd »

Re: [users@httpd] How to prevent apache proxy abuse?

Rich Schumacher

2008-07-18

Replies: Find Java Web Hosting

Author LoginPost Reply
You could use mod_rewrite/.htaccess to block these hosts.  If you have access, however, I'd suggest adding them to the DocumentRoot in your httpd.conf.  This is especially helpful if you are serving multiple sites from a single server using vhosts.  Adding them to the httpd.conf will allow you to block access across the board to all sites that fall under the DocumentRoot.

In httpd.conf, using the hosts from your log:
<Directory "/your/document/root">
    Order allow,deny
    Allow from all
    Deny from fcmat.org
    Deny from 204.184.43.252
</Directory>

Hope that helps.

Rich

On Fri, Jul 18, 2008 at 1:21 PM, Ali Nebi <anebi@iguanait.com> wrote:
Thanks for the reply.

I use shorewall firewall. I will try to configure it to drop these hosts.
Is there some way to deny these accesses with rewriterule?

If yes how it should looks like?


Quoting Rich Schumacher <rich.schu@gmail.com>:

If you are seeing nothing but abuse from these hosts your best bet would be
to block these at the router/firewall level.  If you don't have access to
that, use iptables on the web server to silenty drop any connections from
them.

On Fri, Jul 18, 2008 at 12:08 PM, Ali Nebi <anebi@iguanait.com> wrote:

Hi,

i would like to ak how can i block these attempts?

fcmat_ex.nw1.fcmat.org - - [18/Jul/2008:09:51:30 -0500] "POST
http://lti-mail01.ltinetworks.com:25/ HTTP/1.0" 302 313 "-" "-"
fcmat_ex.nw1.fcmat.org - - [18/Jul/2008:09:51:30 -0500] "GET
http://www.microsoft.com/ HTTP/1.0" 302 304 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; Windows NT 5
.1; SV1; .NET CLR 1.1.4322)"
fcmat_ex.nw1.fcmat.org - - [18/Jul/2008:09:51:32 -0500] "CONNECT
http://lti-mail01.ltinetworks.com:25 HTTP/1.0" 400 319 "-" "-"
204.184.43.252 - - [18/Jul/2008:13:05:41 -0500] "GET
http://www.microsoft.com/ HTTP/1.0" 302 304 "-" "Mozilla/4.0 (compatible;
MSIE 6.0; Windows NT 5.1; SV1;
 .NET CLR 1.1.4322)"
204.184.43.252 - - [18/Jul/2008:13:05:41 -0500] "POST
http://lti-mail01.ltinetworks.com:25/ HTTP/1.0" 302 313 "-" "-"
204.184.43.252 - - [18/Jul/2008:13:05:43 -0500] "CONNECT
http://lti-mail01.ltinetworks.com:25 HTTP/1.0" 400 319 "-" "-"


I don't use proxy and it is disabled, but i still get these connections in
access_log. After this, this server is blacklisted from XBL and CBL list
like spammer.

Please help me to solve this problem. What can i do to block and to prevent
this kind of accesses?

Thanks in advanced!

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
 "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org






----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.


©2008 apache-httpd.com - Jax Systems, LLC, U.S.A.