1 |
On Monday, 11 January 2021 23:05:55 GMT thelma@×××××××××××.com wrote: |
2 |
> I've one persistent user (Russian IP) that is populating my apache log |
3 |
> files. |
4 |
> |
5 |
> I tried 00_mod_log_config.conf |
6 |
> |
7 |
> SetEnvIf Remote_Addr "45\.93\.201\.104" dontlog |
8 |
> CustomLog /var/log/apache2/deflate_log deflate env=!dontlog |
9 |
> CustomLog /var/log/apache2/access_log common env=!dontlog |
10 |
> |
11 |
> But I still see this IP in my access_log. |
12 |
|
13 |
If it is the same IP address persistently attacking the server, I would be |
14 |
tempted to block it, or the whole /24 subnet it belongs to, at the perimeter |
15 |
firewall. Of course, persistent actors will hop off another IP address, so |
16 |
there are diminishing returns in this game. |