Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Very long entry in access log |
|
| Author |
|
walt
Joined: 24 Oct 2015
Posts: 25
|
 Posted: Sat 24 Oct '15 9:38 Post subject: Very long entry in access log |
 |
|
| Hello, I just noticed some strange long entries in my access log. There are four similar ones, from different ip addresses. Is this something that needs blocking/banning? |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg
|
| Posted: Fri 27 Nov '15 0:46 Post subject: |
|
|
it seems like a spam bot. Your can block it like
| Code: |
Define BADIPS "188.40 46.4 176.9 46.166 46.21 78.46 91.207.7.21 0.0.0.0 91.207.7.182 198.1.85.60 122.10.133.5"
<VirtualHost *:80>
...
<RequireAll>
Require all granted
Require not ip ${BADIPS}
</RequireAll>
...
</VirtualHost>
|
But much better would it be to block it on the OS firewall. |
|
| Back to top |
|
walt
Joined: 24 Oct 2015
Posts: 25
|
| Posted: Sun 06 Dec '15 21:40 Post subject: |
|
|
Thanks James! I was going to post a 'thank you' a while back, but sometimes those kinds of posts are frowned upon in other forums, so wasn't shure.
Since I was here posting another question, I had to pop in here and thank you.
I notice the 'post it' notes disappear after a while. I'll keep that in mind for next time.
I did add a list of banned ip's, and that cut down on a lot of suspicious accesses. This is what I'm using:
| Code: | # Allows serving 403.shtml file to denied ip addresses?
<Files 403.shtml>
order allow,deny
allow from all
</Files>
deny from ...
deny from ...
|
Unfortunately all these 'deny' entries and also a lot of filtering is adding about 0.5s to my page load time. I guess that's just the way it has to be.
Here is some of my other htaccess code:
| Code: | RewriteCond %{REQUEST_METHOD} ^(delete|head|trace|track) [NC]
RewriteRule ^(.*)$ - [F,L]
RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC]
RewriteRule ^(.*)$ - [F,L]
#RewriteCond %{REQUEST_URI} ^.*(|/).* [NC,OR]
RewriteCond %{REQUEST_URI} ^.*(,|;|:|<|>|">|"<|\\\.\.\\).* [NC,OR]
RewriteCond %{REQUEST_URI} ^.*(\=|\@|\[|\]|\^|\`|\{|\}|\~).* [NC,OR]
RewriteCond %{REQUEST_URI} ^.*(\'|%0A|%0D|%27|%3C|%3E|%00).* [NC]
#RewriteCond %{REQUEST_URI} ^(?).* [NC]
RewriteRule ^(.*)$ - [F,L]
RewriteCond %{HTTP_USER_AGENT} ^$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(HTTrack|clshttp|archiver|loader|email|nikto|miner|python).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(winhttp|libwww\-perl|curl|wget|harvest|scan|grab|extract).* [NC]
RewriteRule ^(.*)$ - [F,L] |
I had to wait for the new month to start, to see how the changes are working. So far, DEC 6, all nice and quiet except for search engines and external links from people that are actually interested in my content, for the most part. The month is young though, so we'll see. |
|
| Back to top |
|
|
|
|
|
|
