Gentoo Archives: gentoo-user

From: mad.scientist.at.large@××××××××.com
To: Gentoo User <gentoo-user@l.g.o>
Subject: Re: [gentoo-user] preventing some IP's from from being logged in apache
Date: Tue, 12 Jan 2021 04:15:22
Message-Id: MQonUmi--3-2@tutanota.com
In Reply to: Re: [gentoo-user] preventing some IP's from from being logged in apache by thelma@sys-concept.com
--"Fascism begins the moment a ruling class, fearing the people may use their political democracy to gain economic democracy, begins to destroy political democracy in order to retain its power of exploitation and special privilege." Tommy Douglas

Jan 11, 2021, 17:09 by thelma@×××××××××××.com:

> On 1/11/21 5:00 PM, thelma@×××××××××××.com wrote:
>
>> On 1/11/21 4:41 PM, Michael wrote:
>>
>>> On Monday, 11 January 2021 23:05:55 GMT thelma@×××××××××××.com wrote:
>>>
>>>> I've one persistent user (Russian IP) that is populating my apache log
>>>> files.
>>>>
>>>> I tried 00_mod_log_config.conf
>>>>
>>>> SetEnvIf Remote_Addr "45\.93\.201\.104" dontlog
>>>> CustomLog /var/log/apache2/deflate_log deflate env=!dontlog
>>>> CustomLog /var/log/apache2/access_log common env=!dontlog
>>>>
>>>> But I still see this IP in my access_log.
>>>>
>>>
>>> If it is the same IP address persistently attacking the server, I would be
>>> tempted to block it, or the whole /24 subnet it belongs to, at the perimeter
>>> firewall. Of course, persistent actors will hop off another IP address, so
>>> there are diminishing returns in this game.
>>>
>>
>> I did block this IP and it is working
>> Require not ip 45.93.201.0/24
>>
>> I hardly resolve to blocking IP from log files, but if they try to ping/access your network 4 or 5 times per second your log files will tend to grow.
>> SetEnvIf Remote_Addr "45\.93\.201\.104" dontlog
>> didn't work.
>>
>> Just today from about 7am to 4pm about 96K pings from this IP.
>>
>
> I forgot to mention, my firewall doesn't have any capabilities to enter any configuration in IP tables.
> Maybe I'll look for one that does.
>
That would be the thing to do. You want everything logged, so you know what is happening. If you blocked the logging, how would you know if they made progress? You want to know when people are trying to break in, and you want to know when their tactics change. Not logging it is like plugging your ears and closing your eyes while the battering ram is pounding your door...
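
Added example (not part of any message in this thread): a configuration sketch that keeps every request on record, as the reply above recommends, while moving the noisy client's entries out of access_log into a file of their own. The variable name `noisy_client`, the file name `noisy_access_log` and the `<Directory>` path are assumptions; the addresses and the `common` format name are the ones quoted in the thread.

```apache
# Added example. noisy_client, noisy_access_log and the Directory path
# are assumed names, not taken from the thread.

# Tag requests from the one persistent address. The pattern is anchored
# so that it matches this address only and not a longer string that
# happens to contain it.
SetEnvIf Remote_Addr "^45\.93\.201\.104$" noisy_client

# Normal traffic: everything that is NOT tagged.
CustomLog /var/log/apache2/access_log common env=!noisy_client

# Tagged traffic is still recorded, in a separate file, so request rate,
# requested paths and status codes remain available for review.
CustomLog /var/log/apache2/noisy_access_log common env=noisy_client

# A CustomLog placed inside a <VirtualHost> replaces the server-level
# CustomLog lines for that host. If the site is served from a virtual
# host that has its own CustomLog, the env= conditions above must be
# applied to that directive, otherwise they have no visible effect.

# Access control for the /24, in Apache 2.4 syntax. "Require not" cannot
# stand alone; it needs a positive Require inside <RequireAll>.
# Denied requests get a 403 and are still logged (to noisy_access_log
# for the tagged address).
<Directory "/var/www/localhost/htdocs">
    <RequireAll>
        Require all granted
        Require not ip 45.93.201.0/24
    </RequireAll>
</Directory>
```

Run `apachectl configtest` before reloading, and rotate the second log file along with the existing ones so it does not grow unbounded.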
