Ali Nebi wrote:
> Thanks for the reply.
>
> I use shorewall firewall. I will try to configure it to drop these hosts.

Off topic now (nd assuming this is a non commercial web service)

Add the ip addresses to /etc/shorewall/blacklists and ensure

blacklists is added to the correct line in the /ec/shorewall/interfaces
file.

i.e.

fox ~ # grep blacklist /etc/shorewall/interfaces
#               blacklist   - Check packets arriving on this
interface
#                         against the /etc/shorewall/blacklist
net   eth1        -           blacklist
net   ppp0        -           blacklist
fox ~ #

and

fox ~ # tail -5 /etc/shorewall/blacklist
24.64.108.109/32
24.64.187.143/32

#ADDRESS/SUBNET      PROTOCOL     PORT
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

> Is there some way to deny these accesses with rewriterule?
> If yes how it should looks like?

If I wanted to try and feed the infected machine something that
may trigger it I would consider an errordocument handler
but anything beyond a standard error may cause the infected machine
to conside your system as 'open'.

Instead, have the errordoc handler write the IP address to a log
and feed this (carefully) into your blacklist file.

Jacqui

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@(protected)
 "  from the digest: users-digest-unsubscribe@(protected)
For additional commands, e-mail: users-help@(protected)