0

I am using apache 2.2 under centos6, and I'm recently having some kind of accesses that are unwanted, and that I wish to ban.

For instance, I have this in my error_log:

[Sun Apr 14 01:06:29 2013] [error] [client 96.254.171.2] File does not exist: /var/www/html/var, referer: http:**server5.cyberpods.net/azenv.php

(i replaced http:// with http:** to prevent people clicking the link, which I'm not sure whether it is safe)

I guess I could just ban anything ending by azenv.php. What should be the approach?

Sebas
  • 535
  • 1
  • 8
  • 18

1 Answers1

1

There are tons of ways to block referring urls and/or ips, so I'll give you a couple simple ways:

1) You could save an .htaccess file in the top directory of your website with a rewrite such as:

## specific referring url blocking
RewriteEngine on
# Options +FollowSymlinks

RewriteCond %{HTTP_REFERER} .*/azenv\.php [NC,OR]
RewriteRule .* - [F]

or similar to iptables:

## user ip blocking
<Limit GET POST>
 order allow,deny
 deny from 96.254.171.2
 allow from all
</Limit>

another example:

## banning referring urls with specific words, etc.
# set the skridz_ref variable
SetEnvIfNoCase Referer "^azenv.php" skridz_ref=1

# block all referrals that have skridz_ref set
<FilesMatch "(.*)">
Order Allow,Deny
Allow from all
Deny from env=skridz_ref
</FilesMatch>

2) If you have ssh access on your server you could block the ip in your iptables like so:

# iptables -A INPUT -s 96.254.171.2 -j DROP
# service iptables save

to unblock (and delete) the ip from iptables:

# iptables -D INPUT -s xx.xxx.xx.xx -j DROP
# iptables -D INPUT -s 96.254.171.2 -j DROP
# service iptables save
l'L'l
  • 138
  • 6