Automatically block IP who requests certain URL

Solution 1

This would be a job for Fail2Ban. You can use it to scan log files for particular expressions, and block using iptables based on those results.

fail2ban should be available in most distribution repositories, though you may have to add in optional repos.

Solution 2

Put solution from OP

Here's how:

  1. SSH to your server
  2. Because I'm on CentOS, cd /tmp
  3. Because I'm on CentOS, rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-7.noarch.rpm
  4. yum install fail2ban
  5. Edit /etc/fail2ban/jail.conf and add:

    [apache-banforum]
    enabled = true
    filter  = apache-banforum
    # change logpath to your log file
    logpath = /usr/local/apache/domlogs/website/website.co.uk
    maxretry = 1
    bantime = 60000
    action = iptables-multiport[name=BanForum, port="http,https"]
    
  6. Create a file apache-banforum.conf in /etc/fail2ban/filter.d/ with

    [Definition]
    failregex = ^<HOST> -.*"(GET|POST).*/forum/.*$
    ignoreregex =
    
  7. /etc/init.d/fail2ban start
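
The failregex in Solution 2 can be checked against sample log lines before the jail goes live. The following is an added example, not part of the original answer: the `<HOST>` expansion is a simplified stand-in for fail2ban's own, the log lines are constructed, and `TIGHT_REGEX` is a hypothetical tighter variant. It shows that the answer's pattern also matches a Referer containing /forum/, which with maxretry = 1 bans a visitor who only followed a link.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: the real
# expansion is more elaborate and also covers IPv6 and hostnames).
HOST = r"(?P<host>\S+)"

# failregex from the answer, and a tighter variant added for this example
# (hypothetical) that matches only when /forum/ starts the request path.
PAGE_REGEX = r'^<HOST> -.*"(GET|POST).*/forum/.*$'
TIGHT_REGEX = r'^<HOST> -[^"]*"(GET|POST) /forum/'

# Constructed Apache combined-format lines using documentation IP ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Sep/2012:10:00:01 +0100] "GET /forum/viewtopic.php?t=1 HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [18/Sep/2012:10:00:05 +0100] "POST /forum/posting.php HTTP/1.1" 404 210 "-" "curl/7.19"',
    # Legitimate page request whose Referer happens to contain /forum/
    '192.0.2.44 - - [18/Sep/2012:10:00:09 +0100] "GET /index.html HTTP/1.1" 200 5120 "http://example.com/forum/index.php" "Mozilla/5.0"',
    '192.0.2.80 - - [18/Sep/2012:10:00:12 +0100] "GET /about.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]


def compile_failregex(failregex):
    """Substitute the <HOST> tag and compile the pattern."""
    return re.compile(failregex.replace("<HOST>", HOST))


def hosts_to_ban(failregex, lines):
    """Return matching hosts in order; with maxretry = 1 one hit is a ban."""
    pattern = compile_failregex(failregex)
    banned = []
    for line in lines:
        m = pattern.search(line)
        if m and m.group("host") not in banned:
            banned.append(m.group("host"))
    return banned


if __name__ == "__main__":
    print("page regex :", hosts_to_ban(PAGE_REGEX, SAMPLE_LOG))
    print("tight regex:", hosts_to_ban(TIGHT_REGEX, SAMPLE_LOG))
```

fail2ban also ships a `fail2ban-regex` tool that runs a filter file against a real log file, which is the check to use on the server itself.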

Solution 3

You can create an .htaccess file in the forum directory and put the following lines in it; this may help to protect that URL from being accessed.

    Order allow,deny
    Deny from all

Author: beingalex

Updated on September 18, 2022

Comments

  • beingalex
    beingalex almost 2 years

    One of our client's PHPBB (surprise, surprise) got hacked. I have taken it down by simply changing the directory name for now; however, the address example.com/forum/* is still getting hits from unsavory IPs. The server runs Apache on a CentOS box.

    I am no expert but would like to automatically block any IP that accesses the directory from ALL http/s requests on the box. Is there a simple solution to this? I do have root shell access.

  • beingalex
    beingalex almost 12 years
    This worked although I had to do some prior work before being able to install fail2ban. Thanks.
  • beingalex
    beingalex almost 12 years
    Good idea. I am hoping that by using my firewall the onslaught of hits will start to slow down though.
  • Toqeer
    Toqeer almost 12 years
    Yes, a firewall is a better solution, but if there are attacks on different IPs and you don't know, it's better to block the site with .htaccess or some other way and then use the firewall rules. You are also on the right path with fail2ban.