Deny Specific Incoming IP to Webserver
I would like to be able to deny specific IPs from ever hitting my Apache web server. I can Deny them via the httpd.conf file, but that only stops them from getting my pages; they still know the server exists. I tried via the IP Security Policies in MMC but my test computer still showed up in the Apache log. Since I have port 80 forwarded through my SOHO router to my WebServer, is it possible to actually deny a specific IP from seeing the open port? Any suggestions of a non overly intrusive software firewall, or a built-in ACL, or filter would be greatly appreciated.
Deny Specific Incoming IP to Webserver
IPsec should work if configured correctly and will block the IP at the network layer before the application ever sees it. The link below may help with IPsec filtering policy configuration. Your SOHO router may or may not be able to do what you want depending on its capabilities.

"Real" firewalls would allow you to add a firewall rule that blocks access from a specific IP, and the ordering of firewall rules is important to make sure the more specific rules are processed before the general rules. IPsec rules are not dependent on the order they are listed but instead are assigned a weight, with more specific rules taking precedence over general rules.

Let me know if you still have problems with IPsec.

--- Steve

http://www.securityfocus.com/infocus/1559
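The ordering point in the reply above, as an added example that is not part of the original thread: the same two rules are evaluated under a first-match (ordered firewall) model and under a most-specific-match model. The addresses, the rule tuples, the default actions and the `specificity` ranking are constructed assumptions for illustration and are not Windows' actual IPsec weighting algorithm.

```python
import ipaddress

# Constructed rules: (source network, destination port or None for any, action).
# Deliberately listed with the general rule first, the mistake ordering matters for.
RULES = [
    ("0.0.0.0/0", 80, "permit"),       # general: anyone may reach the web server
    ("203.0.113.45/32", 80, "block"),  # specific: the one address to keep out
]

def matches(rule, src, dport):
    """True when the packet's source and destination port fall inside the rule."""
    net, port, _action = rule
    in_net = ipaddress.ip_address(src) in ipaddress.ip_network(net)
    return in_net and port in (None, dport)

def first_match(rules, src, dport, default="block"):
    """Ordered firewall model: the first matching rule in the list decides."""
    for rule in rules:
        if matches(rule, src, dport):
            return rule[2]
    return default  # assumed default-deny for unmatched traffic

def specificity(rule):
    """Simplified weight (assumption): longer source prefix, then explicit port."""
    net, port, _action = rule
    return (ipaddress.ip_network(net).prefixlen, port is not None)

def most_specific(rules, src, dport, default="permit"):
    """Weighted model: the most specific matching filter decides, in any list order."""
    hits = [r for r in rules if matches(r, src, dport)]
    if not hits:
        return default  # assumed: traffic matching no filter is left alone
    return max(hits, key=specificity)[2]

def compare(src, dport=80):
    """Decision for one packet under both models, with the list as given and reversed."""
    flipped = list(reversed(RULES))
    return {
        "first_match_as_listed": first_match(RULES, src, dport),
        "first_match_reordered": first_match(flipped, src, dport),
        "most_specific_as_listed": most_specific(RULES, src, dport),
        "most_specific_reordered": most_specific(flipped, src, dport),
    }

if __name__ == "__main__":
    for source in ("203.0.113.45", "198.51.100.7"):
        print(source, compare(source))
```

With the general rule listed first, the first-match model lets the unwanted address through until the list is reordered, while the weighted model blocks it in either order.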
Deny Specific Incoming IP to Webserver
Steve,

While I am reading the page you sent me, I wanted to let you know that my SOHO is a Linksys BEFCMU10. It appears that the FIREWALL portion is only for outbound. Seems odd that it wouldn't filter inbound.
Deny Specific Incoming IP to Webserver
Trying to keep your ISP from discovering you have a web server? I know Comcast in the past has often probed looking for that sort of stuff.
Copyright © 2004 - 2006 PCbanter