 
02-02-2008, 09:55 PM
Dan MacNeil

apache 'deny from' vs iptables

We got a few honeypot scripts:

awstats.pl
formmail.pl


.. that append 'deny from $REMOTE_ADDRESS' to:

/etc/apache/conf.d/naughty_ip.txt

Right now there are 419 individual ip# in the file.

At what point is apache likely to slow down?

Would things be faster with iptables?


--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
02-02-2008, 11:49 PM
Steve Suehring

apache 'deny from' vs iptables

On Sat, Feb 02, 2008 at 05:55:01PM -0500, Dan MacNeil wrote:
> Would things be faster with iptables ?

Yes, I would think so. By denying them at the Apache level, a TCP
connection must be set up whereas with iptables the connection would be
denied prior to getting to the Apache server. By denying it at the
kernel level (with iptables) you're saving Apache from having to deal
with the request at all.

You might also look for patterns in the IP addresses to find out if
there are subnets that can be denied with iptables rather than
individual addresses. Obviously doing so can have unintended side
effects if the subnet is too wide and you deny legitimate requests,
so it's a trade-off.

Also, you might want to analyze the IPs that are being denied. Over
time some of those entries are likely to become stale as the IP address
owners change. You'll probably notice some patterns of IP addresses or
networks that are always doing something bad while others are just one
time hits.

Steve
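
An added example (not from the thread or its participants) of the subnet analysis suggested above: it reads `deny from <ip>` lines in the format the honeypot scripts append, collapses addresses into a subnet only when enough distinct offenders share it, and renders iptables DROP rules for review without running them. The /24 size, the threshold of three offenders, port 80 and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample (RFC 5737 documentation addresses), one entry per line.
SAMPLE = """\
deny from 192.0.2.10
deny from 192.0.2.57
deny from 192.0.2.200
deny from 198.51.100.7
deny from 203.0.113.5
deny from 203.0.113.5
deny from not-an-ip
"""

def parse_deny_lines(text):
    """Return the set of distinct IPv4 addresses named in 'deny from' lines."""
    addrs = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or [p.lower() for p in parts[:2]] != ["deny", "from"]:
            continue
        try:
            addrs.add(ipaddress.IPv4Address(parts[2]))
        except ipaddress.AddressValueError:
            continue  # skip hostnames, partial addresses, garbage
    return addrs

def aggregate(addrs, prefix=24, min_hits=3):
    """Collapse to a /prefix subnet only when at least min_hits distinct
    offenders fall inside it (assumed defaults); otherwise keep the /32."""
    buckets = defaultdict(list)
    for a in addrs:
        buckets[ipaddress.ip_network((a, prefix), strict=False)].append(a)
    out = []
    for net, members in buckets.items():
        if len(members) >= min_hits:
            out.append(net)  # wide rule: may also block legitimate clients
        else:
            out.extend(ipaddress.ip_network(f"{m}/32") for m in members)
    return sorted(out)

def iptables_rules(nets, port=80):
    """Render (not execute) one DROP rule per network, for review."""
    return [f"iptables -A INPUT -s {n} -p tcp --dport {port} -j DROP" for n in nets]

if __name__ == "__main__":
    for rule in iptables_rules(aggregate(parse_deny_lines(SAMPLE))):
        print(rule)
```

Raising `min_hits` trades fewer, wider rules for less risk of blocking legitimate requests from the same subnet.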

