How to block clients by IP address from accessing certain URLs on my web server?

This may be more heavy weight than you're looking for, but you might consider using fail2ban (https://www.fail2ban.org). That's a tool that can monitor your log files and automatically ban addresses that generate logs that match a set of customizable patterns.


Don't. At best you'll achieve nothing but making your logs less cluttered; at worst you'll end up blocking legitimate visitors who happened to get (via DHCP) an IP address that used to belong to someone whose PC was infected as a botnet node.

The real problem here is the log clutter, and it can be solved just by configuring your logging to drop requests that are known vuln-scanning for vulns your site doesn't, and won't, have because you're not using the vulnerable frameworks they're scanning for. If you're concerned about complete loss of logging (perhaps they provide evidence suggesting who was responsible for a different attack, or when an attack began, etc.) then just throttling multiple log entries for junk URLs from a given IP in a short timespan should work better.


find the phpMyAdmin.conf in one of the httpd config directories and add deny 73.199.136.112 in allow / deny section of the config file and a require IP in the 2.4 section. I have put an example of the full config file below where I have the entries in reverse, i block everything but the allowed IP segments to access the tool.

[thebtm@server conf.d]# cat /etc/httpd/conf.d/phpMyAdmin.conf
# phpMyAdmin - Web based MySQL browser written in php
# 
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin

<Directory /usr/share/phpMyAdmin/>
   AddDefaultCharset UTF-8

   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 10.10.26
       Require ip 192.168.56
       Require ip 127.0.0.1       
       Require ip ::1
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 10.10.25
     Allow from 192.168.56
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>

<Directory /usr/share/phpMyAdmin/setup/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>

# These directories do not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/libraries/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

<Directory /usr/share/phpMyAdmin/setup/lib/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

<Directory /usr/share/phpMyAdmin/setup/frames/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc.  This may break your mod_security implementation.
#
#<IfModule mod_security.c>
#    <Directory /usr/share/phpMyAdmin/>
#        SecRuleInheritance Off
#    </Directory>
#</IfModule>

Tags:

Webserver

Firewall

Recent Posts