My requirement is:
- Block suspicious IP addresses at the Apache level; I have a list which contains millions of IP addresses with CIDR.
- If a blocked IP hits the site then they should get some message saying that they are blocked (I can use ErrorDocument).
- Log who all are being blocked (the 403 ErrorDocument will redirect to another page and I can check the hits to that page).
The Apache server is behind an ELB on Amazon EC2, so I have to check X-Forwarded-For. In the configuration below, `SetEnvIf CLIENTIP "192.168.1.0/24" block` doesn't work; it looks like it needs an IP address instead of a CIDR range. Is there any way I can block hits from the millions of CIDR ranges I have?

    SetEnvIf REMOTE_ADDR "(.+)" CLIENTIP=$1
    SetEnvIf X-Forwarded-For "^([0-9.]+)" CLIENTIP=$1
    # this doesn't work
    SetEnvIf CLIENTIP "192.168.1.0/24" block
    # this works
    SetEnvIf CLIENTIP "192.168.1.5" block
    Order allow,deny
    Allow from all
    Deny from env=block
This doesn't work because Deny from env will deny whenever the specified variable exists, regardless of its content, and SetEnvIf just does an exact match for the text you gave.

Since you're behind an ELB you need to use something like mod_rpaf to pull in the actual IP address so Apache can work with it directly. Then you can just use the CIDR ranges in
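Added example (not from the question or the answer above): the two pieces this setup needs, written in Python so they can be run against sample data. First, the client address is taken from X-Forwarded-For by walking the chain from the right and skipping the load balancer's own subnets, because the ELB appends the address it accepted the connection from and everything to the left of that came from the client; the `^([0-9.]+)` regex in the question takes the leftmost entry, so a client can choose which address gets checked. Second, a CIDR list is indexed by prefix length so a lookup costs one set membership test per distinct prefix length, which stays flat when the list has millions of entries. The trusted-proxy range `10.0.0.0/16`, the blocklist contents and the request values are constructed for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption for this example: the ELB lives in 10.0.0.0/16. Put the
# subnets your load balancer actually uses here.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/16")]

# Constructed sample blocklist; the real file has millions of lines.
BLOCKLIST_TEXT = """
192.168.1.0/24
203.0.113.0/24
198.51.100.128/25   # half a /24
2001:db8::/32
"""


def load_blocklist(text):
    """Index ranges as (version, prefixlen) -> {network address as int}.

    A membership test then costs one set lookup per distinct prefix length
    (at most 32 for IPv4, 128 for IPv6), whatever the size of the list.
    """
    index = defaultdict(set)
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        net = ipaddress.ip_network(line, strict=False)
        index[(net.version, net.prefixlen)].add(int(net.network_address))
    return index


def matching_range(index, ip):
    """Return the most specific blocklist range containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    bits = addr.max_prefixlen
    # Longest prefix first so an overlapping /16 does not hide a /24 hit.
    for version, plen in sorted(index, key=lambda k: k[1], reverse=True):
        if version != addr.version:
            continue
        mask = ((1 << plen) - 1) << (bits - plen)
        prefix = int(addr) & mask
        if prefix in index[(version, plen)]:
            net_cls = ipaddress.IPv6Network if version == 6 else ipaddress.IPv4Network
            return str(net_cls((prefix, plen)))
    return None


def naive_client_ip(xff_header):
    """What SetEnvIf X-Forwarded-For "^([0-9.]+)" extracts: the leftmost
    entry, which is whatever the client chose to put in its own header."""
    m = re.match(r"^([0-9.]+)", xff_header or "")
    return m.group(1) if m else None


def client_ip(remote_addr, xff_header, trusted=TRUSTED_PROXIES):
    """Walk the chain from the right, skipping trusted proxies.

    The ELB appends the address it accepted the connection from, so the
    rightmost entry that is not a trusted proxy is the real client;
    everything left of it arrived inside the client's own request.
    """
    chain = [p.strip() for p in (xff_header or "").split(",") if p.strip()]
    for entry in reversed(chain + [remote_addr]):
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            return None  # malformed entry: refuse rather than guess
        if not any(addr in net for net in trusted):
            return str(addr)
    return None


def check_request(index, remote_addr, xff_header):
    """Decide 403/200 for one request and build a log line naming the
    range that caused the block (the 'who is being blocked' requirement)."""
    ip = client_ip(remote_addr, xff_header)
    hit = matching_range(index, ip) if ip else None
    status = 403 if hit else 200
    log_line = f"{ip or '-'} {status} blocked_by={hit or '-'}"
    return status, ip, hit, log_line


INDEX = load_blocklist(BLOCKLIST_TEXT)

if __name__ == "__main__":
    # Spoofed leftmost entry plus the address the ELB appended, then a
    # clean hit, then a direct connection that bypassed the ELB.
    for remote, xff in [("10.0.3.7", "8.8.8.8, 192.168.1.5"),
                        ("10.0.3.7", "198.51.100.5"),
                        ("1.1.1.1", "192.168.1.5")]:
        print(check_request(INDEX, remote, xff)[3],
              "naive:", naive_client_ip(xff))
```

Whatever module restores the client address in Apache (mod_rpaf, or mod_remoteip with `RemoteIPInternalProxy` on 2.4) should be given the ELB's subnets the way `TRUSTED_PROXIES` is here; a rule that trusts the leftmost entry lets the client pick the address that is checked against the list. Logging the matched range alongside the 403 answers the third requirement without a redirect to a second page.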
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.