Block IPs in apache2

Question

Ok another noob questions here. I have serveral IP's probing my server for phpmyadmin and other administrator stuff, looks like they're looking for something to hack, but honestly I don't care who they are, I just want to block them. How can i block these IPs? Is it in the .htaccess? I have all the auth modules in apache and they are activated.

score 4 · Accepted Answer · answered Aug 28 '09 at 00:31

4

The best way to do this with apache is with the access control module. Basically, just put something like this into your .htaccess

 Deny from 10.252.46.165

More information on it can be found here.

However, that is not necessarily the best way to do it, because Apache is still handling the request. You can actually block all incoming traffic from certain IPs before they even reach Apache, or any other services. The downside with this is that you need to have root access to your server. Information on that can be found here.

answered Aug 28 '09 at 00:31

Alan

338
1
3
10

It is my own server, i do have root access. Thanks, this should do it. – alpha1 Aug 28 '09 at 00:34
You might also want to look into something like Fail2Ban or DenyHosts, which can automatically set the firewall to block IP addresses that exhibit suspicious behavior. Or mod_security for something similar at the Apache level. – David Z Aug 28 '09 at 04:47

score 1 · Answer 2 · answered Aug 28 '09 at 00:29

1

If there a firewall between your server and the Internet? That would be the best place to block them. Blocking the IPs from accessing your server on the server will protect you from brute force attacks, but not from a DDoS attack, as they are still making requests that your server has to reject.

If you have to do it locally, I'd say do it in iptables.

answered Aug 28 '09 at 00:29

MDMarra

100,734
32
197
329

Only a cheapie router, which can't block incoming IPs – alpha1 Aug 28 '09 at 00:32
alpha1: If you are using Linux, iptables is the built in firewall for the Linux box and I would opt for that as well. – Kyle Brandt Aug 28 '09 at 11:17

score 1 · Answer 3 · answered Aug 29 '09 at 13:24

Probably a more security-minded approach would be that you block everyone for sensitive URL's (PHPMyAdmin etc.), and only allow a couple of IP addresses in, so you can still access those services. Example:

<Location /sensitive/url>
    Order allow,deny
    Allow from 127.0.0.1 a.b.c.d your.manager.hosts.address
    Deny from all
</Location>

Of course it depends on the situation if it suits your needs or not.

You can also combine this with HTTP authentication, probably this method is more flexible. If you use Order and Require with

Satisfy Any

in a <Location /> or a <Directory /> block, then you can access this resource from everywhere. In this case, if you come from one of the IP addresses defined in the Allow line, you can access the URL as usual. However, if you come from another host, the webserver asks for username and password.

I hope that helped.

Block IPs in apache2

3 Answers3