On Monday, 11 January 2021 23:05:55 GMT the...@sys-concept.com wrote: > I've one persistent user (Russian IP) that is populating my apache log > files. > > I tried 00_mod_log_config.conf > > SetEnvIf Remote_Addr "45\.93\.201\.104" dontlog > CustomLog /var/log/apache2/deflate_log deflate env=!dontlog > CustomLog /var/log/apache2/access_log common env=!dontlog > > But I still see this IP in my access_log.
If it is the same IP address persistently attacking the server, I would be tempted to block it, or the whole /24 subnet it belongs to, at the perimeter firewall. Of course, persistent actors will hop off another IP address, so there are diminishing returns in this game.
signature.asc
Description: This is a digitally signed message part.
