
Blocking IP's with Apache

Mikefc626 (Just Arrived; joined 07 Apr 2005; location: here)
Posted: Thu Apr 14, 2005 12:56 am    Post subject: Blocking IP's with Apache

I posted a few days ago about some security problems I have been having with Apache, and have since solved them for the most part. I am now experimenting with blocking specific IPs from people from places like China, Japan, Germany, etc. (I only run a file server for myself and some friends, none of whom I know in other countries, so I figured it would be all right to filter out the spammers based on their respective IPs/countries). I also figured out how to block full subnets. The command to enter into the http.conf file for this is something along the lines of "Deny from 123.456.789.0/24", but I don't understand what the 24 at the end is or what it stands for, and I don't understand why, when I change it to 25, it still blocks me just the same. I'd like to block higher up the ladder, something like "Deny from 123.456.0.0", where it would block more nets, so I didn't have to enter so many different networks. Does anyone know how to do this? "Deny from 123.456.0.0/24" doesn't work.

Also, in my testing, I blocked myself out and got a forbidden screen, but I don't possess the know-how to try to punch my way into my server, so I was wondering whether the people I'm trying to keep out will only be forbidden from seeing my files in their browser, like I was, or whether they are unable to get ANYTHING back from the server in any way, shape, or form?

capi (SF Senior Mod; joined 21 Sep 2003; location: Portugal)
Posted: Thu Apr 14, 2005 1:19 am

Regarding the subnets and what the /24 stands for, I suggest you read the following post by Ants for a good explanation: http://www.security-forums.com/forum/viewtopic.php?t=26868#160449

I would explain it here, but why repeat what's already been said?

ElToro (Just Arrived; joined 21 Jun 2004)
Posted: Thu Apr 14, 2005 1:24 am

The /24 is CIDR notation for a subnet mask. Each octet in an IP address is made up of 8 bits, and this number is the number of bits to mask. /24 is the equivalent of 255.255.255.0, which is normally a class C network. If you want to describe a class B network, then use /16, which is the same as 255.255.0.0.

Using IP addresses as a means of screening is usually not very effective. Anyone using a proxy can easily bypass this screening. At a minimum, I would use the .htaccess file to create a password at the root document directory. That way anything accessed on the site will require this password. Also, you would be better off blocking the IPs before the packets get to Apache using either a firewall on the webserver machine and/or your gateway device. That would give you multiple layers of defense in case some exploit was found in Apache or the OS.

If you provide the OS on the webserver and the name of your gateway device I can provide some more detailed help.

Mikefc626 (Just Arrived; joined 07 Apr 2005; location: here)
Posted: Thu Apr 14, 2005 5:47 am

Hey, thanks guys, you're great. Deciphering... deciphering... Hey, I think I got it. So the app is reading each bit, from left to right, correct? So to block, maybe, a whole continent or something, or I guess probably a whole ISP, like one from China, it would be something more along the lines of 123.0.0.0/8, where it's only reading the first byte, correct? If that does actually apply to such a large example, then I guess in other words the allow command can be replicated as simply 123.456.789.101/32? I know that would be dumb to do, but am I right?

I am running Apache 2.0.53, Windows 2003 Server SP1, and a 2Wire DSL modem (which I think is one of the greatest modems I have ever set up/used, but that's a debate for another day).

Of course, now that I have more info to play around my server with, my modem would quit allowing all access from the net...

capi (SF Senior Mod; joined 21 Sep 2003; location: Portugal)
Posted: Thu Apr 14, 2005 6:44 pm

mpkn3rd wrote:
For instance 123.456.789.0/31 has a host range of 123.456.789.1 to 123.456.789.2. With a broadcast address of 123.456.789.3.

Not to disagree with what you said, but regarding the specific example of a /31 mask, wouldn't it in fact be invalid (at least in IPv4), as it has no valid hosts?

If you only have 1 bit (32 - 31) for the host, you in effect have no valid hosts, as the only two possible host values are 0 (network address) and 1 (broadcast address)...

Perhaps you meant /30? Or am I missing something?
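The subnet arithmetic this thread circles around (ElToro's "/24 is 255.255.255.0" explanation, Mikefc626's question about /8 and /32, and capi's point that a /31 has no usable hosts under classic subnetting) worked through as an added Python example. This is not code from the thread, from Apache or from APR: it reimplements the prefix-length match with plain integer masks so the bits are visible, and it assumes, as an assumption about Apache's `Deny from`, that host bits set in a rule's address are masked off (APR's `apr_ipsubnet_create` clears them). The rule list and client addresses are constructed from documentation ranges, not real offenders.

```python
# Added example, not from the thread or from Apache: IPv4 prefix-length
# (CIDR) arithmetic as used by "Deny from a.b.c.d/n", done with plain
# integer masks so the bit behaviour is visible.

# Constructed rule list (documentation address ranges, not real offenders).
DENY_RULES = [
    "203.0.113.0/24",    # 256 addresses: 203.0.113.0 .. 203.0.113.255
    "198.51.100.0/25",   # lower half of that size of block only: .0 .. .127
    "192.0.0.0/16",      # 192.0.0.0 .. 192.0.255.255 (65536 addresses)
    "10.0.0.0/8",        # everything whose first octet is 10
    "100.64.0.9",        # no "/n": a bare address is treated as one host (/32)
]


def ip_to_int(dotted):
    """'203.0.113.9' -> 0xCB007109: the four octets as one 32-bit integer."""
    octets = dotted.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address: {dotted!r}")
    value = 0
    for o in octets:
        value = (value << 8) | int(o)
    return value


def int_to_ip(value):
    """Inverse of ip_to_int."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_mask(prefix_len):
    """The mask for /n: the top n bits set. /24 -> 255.255.255.0, /16 -> 255.255.0.0."""
    if not 0 <= prefix_len <= 32:
        raise ValueError(f"prefix length out of range: {prefix_len}")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def parse_rule(rule):
    """'a.b.c.d/n' or bare 'a.b.c.d' -> (network, mask) as integers.
    Host bits set in the address are cleared (assumption: the same thing
    APR's apr_ipsubnet_create does for Apache's Deny/Allow directives)."""
    addr, _, plen = rule.partition("/")
    prefix_len = int(plen) if plen else 32
    mask = prefix_mask(prefix_len)
    return ip_to_int(addr) & mask, mask


def matches(client_ip, rule):
    """True when the client's top n bits equal the rule's network bits."""
    network, mask = parse_rule(rule)
    return (ip_to_int(client_ip) & mask) == network


def first_deny_match(client_ip, rules=DENY_RULES):
    """The first rule that denies client_ip, or None if no rule matches."""
    for rule in rules:
        if matches(client_ip, rule):
            return rule
    return None


def covered_range(rule):
    """(first address, last address, size) of the block a rule covers."""
    network, mask = parse_rule(rule)
    size = (~mask & 0xFFFFFFFF) + 1          # 2 ** (32 - n)
    return int_to_ip(network), int_to_ip(network + size - 1), size


def host_range(rule):
    """Classic subnetting view: (first host, last host, broadcast), or None
    when the block has no usable hosts (/31 and /32). RFC 3021 later allowed
    /31 on point-to-point links, but that is outside the classic rule."""
    first, last, size = covered_range(rule)
    if size < 4:
        return None
    network = ip_to_int(first)
    return int_to_ip(network + 1), int_to_ip(network + size - 2), last


if __name__ == "__main__":
    for client in ("203.0.113.77", "198.51.100.200", "192.0.2.1", "100.64.0.9", "100.64.0.10"):
        print(client, "->", first_deny_match(client) or "no rule matches")
    for rule in ("203.0.0.0/24", "203.0.0.0/16", "10.0.0.0/8"):
        print(rule, "covers", covered_range(rule))
    for rule in ("203.0.113.0/30", "203.0.113.0/31"):
        print(rule, "hosts", host_range(rule))
```

Two of the thread's puzzles fall out directly: a client at 203.0.113.77 is still caught when the rule changes from /24 to /25 because 77 is below 128, so its top 25 bits are unchanged; and a /24 written on an x.y.0.0 address covers only x.y.0.0 to x.y.0.255, so to cover the whole x.y.*.* block the rule needs /16, and /8 for x.*.*.*. A /32 denies exactly one host, and a /30 is the smallest block with usable host addresses under the classic network/broadcast convention.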

monkranter (Just Arrived; joined 17 Mar 2005; location: Texas, USA)
Posted: Thu Apr 14, 2005 7:13 pm

Way to keep mpkn3rd on his toes, capi.

capi (SF Senior Mod; joined 21 Sep 2003; location: Portugal)
Posted: Thu Apr 14, 2005 7:24 pm

Not at all, it was clearly a minor typing mistake; I just thought I'd note it, to avoid potential confusion for Mikefc626, or anyone not familiar with subnetting who happened to read this thread.