Blocking from apache:
<Location />
Order Allow,Deny
Deny from <INSERT IP TO BLOCK HERE>
</Location>
You can block it at the network stack level too, this way apache does
not even see the request, ex on linux using iptables.
bye,
Frederik
On 09/30/2014 07:16 PM, Hans-Georg Scherneck wrote:
Hi,
I'm new to this, and I'm no specialist in Apache, sorry.
My site is bombarded by POST requests from a site identifying itself like
123.123.123.123.word.word.word.word
A "deny from" instruction with a string trying to match this in
.htaccess does not appear to work (though other abusers with simple
IP's I can get barred this way).
The leading IP is always a fake, and it is changed every time they
POST new crap. A safe criterion must focus on the word-part.
Do you have a working string for me? Can you suggest another method?
(I have made a change to the mailto.cgi script that sends the crap
into /dev/null, exploiting a mistake in the form data that they are
sending, but soon they'll find out, and I want to be a step ahead of
them).
Thanks in advance
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
