[opensuse] Blocking IP's using apache and iptables.
Hi All, I got this IP 75.126.21.163 spam my site, I try to block using apache and add this in my vhost.conf Options Indexes FollowSymLinks Order Allow,Deny Deny from 75.126.21.163 Allow from all But this spammer stil can get thru it. Why is this happen ? I'm using suse 10.0 and apache2-2.0.54-10.8 I also try to block using suse-firewall, but I dont know where should I add in susefirewall-custom. Is there any clue for this problem ? regards, -- Arie Reynaldi Zanahar reymanx at gmail.com http://www.reynaldi.or.id -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
I did this, but that IP still can access my site. Here's my config. Options Indexes FollowSymLinks Order Deny,Allow Deny from 75.126.21.163 Allow from all This is the apache modules from /etc/sysconfig/apache2 APACHE_MODULES="access actions alias auth autoindex cgi dir include log_config mime negotiation setenvif status userdir asis imap rewrite php4 perl python ruby" Is there something i left so it should be configured first ? -- Arie Reynaldi Zanahar reymanx at gmail.com http://www.reynaldi.or.id -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
* Arie Reynaldi Z <reymanx@gmail.com> [02-09-07 20:51]: [...]
/etc/sysconfig/SuSEfirewall2 FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom" /etc/sysconfig/scripts/SuSEfirewall2-custom fw_custom_after_antispoofing() { # could also be named /"before_port_splitting()" # these rules will be loaded after the anti-spoofing and icmp # handling # but before any IP protocol or TCP/UDP port allow/protection rules # will be set. # You can use this hook to allow/deny certain IP protocols or # TCP/UDP # ports before the SuSEfirewall2 generated rules are hit. iptables -I INPUT 1 -s 75.126.21.163 -j DROP -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery2 OpenSUSE Linux http://en.opensuse.org/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Hi Patrick
I add this in Susefirewall-custom, but still not working. When I type iptables -L, there's no chains indicated this IP. But when I add manually from console by typing iptables -I INPUT 1 -s 75.126.21.163 -j DROP , it worked. Is this susefirewall-custom actually work ? Or I just add this rule somewhere in /etc/init.d/boot.local or /etc/init.d/custom.script so it start whenever I boot / want ? Will it break rules in susefirewall ? regards, -- Arie Reynaldi Zanahar reymanx at gmail.com http://www.reynaldi.or.id -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
* Arie Reynaldi Z <reymanx@gmail.com> [02-09-07 21:35]:
/etc/sysconfig/SuSEfirewall2 FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
What about the first comment? Sounds like you only did half. SuSEfirewall2 does not use ...-custom unless you tell it to. Tell SuSEfirewall2 to use SuSEfirewall2-custom with the 'drop' line you added and see if it works..... -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery2 OpenSUSE Linux http://en.opensuse.org/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2/10/07, Patrick Shanahan <ptilopteri@gmail.com> wrote:
Right ! Thanks Patrick ... my mistake :-) It works now.. Now, how about blocking it from apache ? I add 'Order Deny,Allow' but the IP still can get thru it (without blocking by iptables). regards, -- Arie Reynaldi Zanahar reymanx at gmail.com http://www.reynaldi.or.id -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
* Arie Reynaldi Z <reymanx@gmail.com> [02-09-07 21:54]:
I don't know. But I would rather block 'specific' sites via the firewall. Wouldn't want them anywhere else if I didn't want them to have access to my web-site :^) btw, the firewall info was presented in the old suse-linux-e list to me by Ulf Rasch X-Mailinglist: suse-linux-e X-Message-Number-for-archive: 251791 10-29-2005 IF you wanted to see for yourself. gud luk, -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery2 OpenSUSE Linux http://en.opensuse.org/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
I did this, but that IP still can access my site. Here's my config. Options Indexes FollowSymLinks Order Deny,Allow Deny from 75.126.21.163 Allow from all This is the apache modules from /etc/sysconfig/apache2 APACHE_MODULES="access actions alias auth autoindex cgi dir include log_config mime negotiation setenvif status userdir asis imap rewrite php4 perl python ruby" Is there something i left so it should be configured first ? -- Arie Reynaldi Zanahar reymanx at gmail.com http://www.reynaldi.or.id -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
* Arie Reynaldi Z <reymanx@gmail.com> [02-09-07 20:51]: [...]
/etc/sysconfig/SuSEfirewall2 FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom" /etc/sysconfig/scripts/SuSEfirewall2-custom fw_custom_after_antispoofing() { # could also be named /"before_port_splitting()" # these rules will be loaded after the anti-spoofing and icmp # handling # but before any IP protocol or TCP/UDP port allow/protection rules # will be set. # You can use this hook to allow/deny certain IP protocols or # TCP/UDP # ports before the SuSEfirewall2 generated rules are hit. iptables -I INPUT 1 -s 75.126.21.163 -j DROP -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery2 OpenSUSE Linux http://en.opensuse.org/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Hi Patrick
I add this in Susefirewall-custom, but still not working. When I type iptables -L, there's no chains indicated this IP. But when I add manually from console by typing iptables -I INPUT 1 -s 75.126.21.163 -j DROP , it worked. Is this susefirewall-custom actually work ? Or I just add this rule somewhere in /etc/init.d/boot.local or /etc/init.d/custom.script so it start whenever I boot / want ? Will it break rules in susefirewall ? regards, -- Arie Reynaldi Zanahar reymanx at gmail.com http://www.reynaldi.or.id -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
* Arie Reynaldi Z <reymanx@gmail.com> [02-09-07 21:35]:
/etc/sysconfig/SuSEfirewall2 FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
What about the first comment? Sounds like you only did half. SuSEfirewall2 does not use ...-custom unless you tell it to. Tell SuSEfirewall2 to use SuSEfirewall2-custom with the 'drop' line you added and see if it works..... -- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery2 OpenSUSE Linux http://en.opensuse.org/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 2/10/07, Patrick Shanahan <ptilopteri@gmail.com> wrote:
Right ! Thanks Patrick ... my mistake :-) It works now.. Now, how about blocking it from apache ? I add 'Order Deny,Allow' but the IP still can get thru it (without blocking by iptables). regards, -- Arie Reynaldi Zanahar reymanx at gmail.com http://www.reynaldi.or.id -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (3)
-
Arie Reynaldi Z -
J Sloan -
Patrick Shanahan