Automatically block IP who requests certain URL
Solution 1
This would be a job for Fail2Ban. You can use it to scan log files for particular expressions, and block using iptables based on those results.
fail2ban should be available in most distribution repositories, though you may have to add in optional repos.
Solution 2
Put solution from OP
Here's how:
- SSH to your server
- Because i'm in CentOS,
cd /tmp
- Because i'm in CentOS,
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-7.noarch.rpm
yum install fail2ban
-
Edit
/etc/fail2ban/jail.conf
and add..[apache-banforum] enabled = true filter = apache-banforum logpath = /usr/local/apache/domlogs/website/website.co.uk <-- change to your log file maxretry = 1 bantime = 60000 action = iptables-multiport[name=BanForum, port="http,https"]
-
Create a file
apache-banforum.conf
in/etc/fail2ban/filter.d/
withfailregex = ^<HOST> -.*"(GET|POST).*/forum/.*$ ignoreregex =
/etc/init.d/fail2ban start
Solution 3
You can create an .htaccess file in the forum dirctory and put these the following lines may help to prtotect that url by accessing.
Order allow,deny
Deny from all
Related videos on Youtube
![beingalex](https://i.stack.imgur.com/CA2Zz.jpg?s=256&g=1)
beingalex
Updated on September 18, 2022Comments
-
beingalex almost 2 years
One of our client's PHPBB (surprise, surprise) got hacked. I have taken it down by simply changing the directory name for now however the address
example.com/forum/*
is still getting hits from unsavory IPs. The server runs Apach on a CentOS box.I am no expert but would like to automatically block any IP that accesses the directory from ALL http/s requests on the box. Is there a simple solution to this? I do have root shell access.
-
beingalex almost 12 yearsThis worked although I had to do some prior work before being able to install fail2ban. Thanks.
-
beingalex almost 12 yearsGood idea. I am hoping that by using my firewall the onslaught of hits will start to slow down though.
-
Toqeer almost 12 yearsYes firewall is better solution but if there are attacks on different ips and you dont know its better to block the site with .htaccess or some other way and then use the firewall rules, you are also on the right path of fail2ban