1 |
On 1/11/21 4:41 PM, Michael wrote: |
2 |
> On Monday, 11 January 2021 23:05:55 GMT thelma@×××××××××××.com wrote: |
3 |
>> I've one persistent user (Russian IP) that is populating my apache log |
4 |
>> files. |
5 |
>> |
6 |
>> I tried 00_mod_log_config.conf |
7 |
>> |
8 |
>> SetEnvIf Remote_Addr "45\.93\.201\.104" dontlog |
9 |
>> CustomLog /var/log/apache2/deflate_log deflate env=!dontlog |
10 |
>> CustomLog /var/log/apache2/access_log common env=!dontlog |
11 |
>> |
12 |
>> But I still see this IP in my access_log. |
13 |
> |
14 |
> If it is the same IP address persistently attacking the server, I would be |
15 |
> tempted to block it, or the whole /24 subnet it belongs to, at the perimeter |
16 |
> firewall. Of course, persistent actors will hop off another IP address, so |
17 |
> there are diminishing returns in this game. |
18 |
|
19 |
I did block this IP and it is working |
20 |
Require not ip 45.93.201.0/24 |
21 |
|
22 |
I hardly resolve to blocking IP from log files, but if they try to ping/access your network 4 or 5 per second your log files will tend to grow. |
23 |
SetEnvIf Remote_Addr "45\.93\.201\.104" dontlog |
24 |
didn't work. |
25 |
|
26 |
Just today from about 7am to 4pm about 96K pings from this IP. |