--"Fascism begins the moment a ruling class, fearing the people may use their political democracy to gain economic democracy, begins to destroy political democracy in order to retain its power of exploitation and special privilege." Tommy Douglas Jan 11, 2021, 17:09 by the...@sys-concept.com: > On 1/11/21 5:00 PM, the...@sys-concept.com wrote: > >> On 1/11/21 4:41 PM, Michael wrote: >> >>> On Monday, 11 January 2021 23:05:55 GMT the...@sys-concept.com wrote: >>> >>>> I've one persistent user (Russian IP) that is populating my apache log >>>> files. >>>> >>>> I tried 00_mod_log_config.conf >>>> >>>> SetEnvIf Remote_Addr "45\.93\.201\.104" dontlog >>>> CustomLog /var/log/apache2/deflate_log deflate env=!dontlog >>>> CustomLog /var/log/apache2/access_log common env=!dontlog >>>> >>>> But I still see this IP in my access_log. >>>> >>> >>> If it is the same IP address persistently attacking the server, I would be >>> tempted to block it, or the whole /24 subnet it belongs to, at the >>> perimeter >>> firewall. Of course, persistent actors will hop off another IP address, so >>> there are diminishing returns in this game. >>> >> >> I did block this IP and it is working >> Require not ip 45.93.201.0/24 >> >> I hardly resolve to blocking IP from log files, but if they try to >> ping/access your network 4 or 5 per second your log files will tend to grow. >> SetEnvIf Remote_Addr "45\.93\.201\.104" dontlog >> didn't work. >> >> Just today from about 7am to 4pm about 96K pings from this IP. >> > > I forgot to mention, my firewall doesn't have any capabilities to enter any > configuration in IP tables. > Maybe I'll look for one that does. > That would be the thing to do. You want everything logged, so you know what is happening. If you blocked the logging how would you know if they made progress. You want to know when people are trying to break in, and you want to know when their tactics change. Not logging it is like plugging your' ears and closing your' eyes while the battering ram is pounding your' door...
Re: [gentoo-user] preventing some IP's from from being logged in apache
mad . scientist . at . large Tue, 12 Jan 2021 00:15:41 -0800
- Re: [gentoo-user] preventing some IP's from f... mad . scientist . at . large
- Re: [gentoo-user] preventing some IP's f... J. Roeleveld
- Re: [gentoo-user] preventing some IP... thelma
- Re: [gentoo-user] preventing som... J. Roeleveld
- Re: [gentoo-user] preventing som... antlists
