Server-wide .htaccess
I am getting pounded by hackers from RIPE and AsiaNet. My client would like me to block all access from overseas.
How can I create a server-wide .htaccess file? On each node or how about on Virtuozzo that actually has two virtual servers (they're small and the servers are beefy.)
Re: Server-wide .htaccess
What about firewalling?
I've never tried it myself, but traffic to Containers goes via the Forward chain on the HN. So any rules in there apply to all containers. In theory.
China and Korea netblocks: http://okean.com/asianspamblocks.html
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
Re: Server-wide .htaccess
Hey Faris!
Nice to see you. I can put them in our WatchGuard Peak X8000 but that will take a long time. I can't enter CIDRs like 212/24.
Any suggestions on a .htaccess on the HN that will affect the containers?
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: Server-wide .htaccess
Big performance hit whenever you use .htaccess. It's faster to do geo-blocking in the firewall.
Re: Server-wide .htaccess
Hey Scott! Good morning. I agree. I just can't enter CIDRs, just host ranges. I can import a text file and need to explore that. The firewall kicks butt!
Re: Server-wide .htaccess
I suspect even adding CIDRs would take ages if you had to add them one by one manually.
The text file import is probably the best option.
OR, just for these blocks, use the FORWARD chain on the HN.
OR, as there are only two Containers, adding them to the normal firewall in each container should not cause problems, even though you are effectively doubling the number of blocks that are strictly necessary.
If you don't have a firewall on the Containers themselves, adding APF might be an easy option - AFAIK its deny_host.rules file allows you to block by CIDR if you want.
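The text-file import and FORWARD-chain options above, as an added example that is not from any poster in this thread: it normalizes and merges a CIDR list, then emits host ranges for a firewall that only imports ranges and `ipset restore` input for the hardware node. The sample list and the set name `geoblock` are constructed, and the single FORWARD rule assumes container traffic crosses that chain as suggested above.

```python
import ipaddress

# Constructed sample of a downloaded country blocklist (documentation ranges,
# not real allocations). One entry has host bits set; one line is junk.
SAMPLE_LIST = """\
# constructed sample
198.51.100.0/25
198.51.100.128/25
203.0.113.1/24      # host bits set, like the 123.0.0.1/23 form in the thread
192.0.2.0/24
not-a-network
"""

def parse_blocklist(text):
    """Return (collapsed IPv4 networks, rejected entries)."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=False masks off host bits: 203.0.113.1/24 -> 203.0.113.0/24
            nets.append(ipaddress.IPv4Network(entry, strict=False))
        except ValueError:
            rejected.append(entry)
    # Merge adjacent and overlapping blocks so the firewall holds fewer entries.
    return list(ipaddress.collapse_addresses(nets)), rejected

def as_host_ranges(nets):
    """First-last address pairs for a firewall that only imports host ranges."""
    return [f"{n.network_address}-{n.broadcast_address}" for n in nets]

def as_ipset_restore(nets, set_name="geoblock"):
    """Input for `ipset restore`; set_name is a hypothetical name."""
    lines = [f"create {set_name} hash:net family inet"]
    lines += [f"add {set_name} {n}" for n in nets]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    nets, rejected = parse_blocklist(SAMPLE_LIST)
    print("\n".join(as_host_ranges(nets)))
    print(as_ipset_restore(nets), end="")
    # One rule on the hardware node then matches the whole set (assumption:
    # container traffic traverses FORWARD, as suggested in the thread).
    print("iptables -I FORWARD -m set --match-set geoblock src -j DROP")
    print("rejected:", rejected)
```

Review the rejected entries before importing; a silently dropped line means a block you think is in place is not.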
Re: Server-wide .htaccess
Excellent advice from both of you. I try not to ask too much of you...
Re: Server-wide .htaccess
OK. My firewall will accept CIDRs in this format:
123.0.0.1/23
I've looked and don't find a list.
Re: Server-wide .htaccess
If you're running ASL you can just add those to /etc/asl/blacklist and run service asl-firewall restart
Re: Server-wide .htaccess
I've been in the hospital so many times Scott that I have never installed ASL. I am struggling to hang on. I have been manually fighting each attack. This is a Plesk 9.3 server but yet I have Plesk 12. I need to rebuild a whole rack of servers. But I can hardly walk. See your PMs.
Re: Server-wide .htaccess
Check out http://dev.maxmind.com/geoip/geoip2/geo ... databases/ and https://www.countryipblocks.net/country_selection.php
Re: Server-wide .htaccess
Thank you, Faris. As I mentioned privately to Scott you are amongst the good guys on the internet. You seem always willing to help a rookie, well not so much of a rookie anymore due to your help over the years. But thank you. If I may, God bless you.
Re: Server-wide .htaccess
It's a shame I'm not closer to you. There's a little matter of the Atlantic Ocean in the way.
Re: Server-wide .htaccess
I can swim... a little...
Re: Server-wide .htaccess
Tell you what -- move to Nevada. Then I'll come and stay with you for a bit.
I'm a bit of a Vegas fan. Not for the "sin city" or gambling side of things - I'm not really interested. But I do like everything else the place has to offer, at least for a week or so at a time.