How to Block IPs with 6G Firewall

This quick post is aimed at users of the 6G Firewall. The latest 6G update removes the IP-address blocking section to improve firewall compatibility and implementation. So now with the IP section removed, you may be asking “how to block an IP address with 6G?” Well good news, this tutorial explains how to do it.

Required: For this tutorial, you will need to know which version of Apache you are using. If in doubt, ask your web host.

How to deny access based on IP address

First make sure you are running the latest version of the 6G Firewall. Also make sure that you understand the pros and cons of blocking IPs.

Next, locate the 6G:[USER AGENTS] section in the 6G Firewall. There, you will find two sections of code, one for older versions of Apache, and another for newer versions of Apache:

Older Apache

# Apache < 2.3
<IfModule !mod_authz_core.c>
        Order Allow,Deny
        Allow from all
        Deny from env=bad_bot
</IfModule>

Newer Apache

# Apache >= 2.3
<IfModule mod_authz_core.c>
        <RequireAll>
                Require all Granted
                Require not env bad_bot
        </RequireAll>
</IfModule>

To block an IP address, make sure that you are editing the correct section. You don’t need to edit both sections, only the one that matches your Apache version. Once you’ve determined which section to edit, skip ahead to the matching section below: Apache < 2.3 or Apache >= 2.3.

Again, you don’t need to edit/modify both sets of rules. Only the one that matches your Apache version.

Apache < 2.3

Continue here if you are running Apache version < 2.3. To block/deny an IP address, add the following line:

Deny from 123.456.789

...to this code block:

# Apache < 2.3
<IfModule !mod_authz_core.c>
        Order Allow,Deny
        Allow from all
        Deny from env=bad_bot
</IfModule>

Here is how it will look when added:

# Apache < 2.3
<IfModule !mod_authz_core.c>
        Order Allow,Deny
        Allow from all
        Deny from env=bad_bot
        Deny from 123.456.789
</IfModule>

Notice the line added after the bad_bot rule. That is all that needs to be done. Here is an example showing how to block five imaginary IPs:

# Apache < 2.3
<IfModule !mod_authz_core.c>
        Order Allow,Deny
        Allow from all
        Deny from env=bad_bot
        Deny from 123.456.789
        Deny from 456.789.123
        Deny from 789.123.456
        Deny from 000.111.222
        Deny from 333.444.555
</IfModule>

And so forth, you can block as many IP addresses as you want, but remember to keep an eye on performance if the number gets too crazy.

Note: The IP addresses used in this example are not real and should not be added to Apache config or .htaccess (you’ll get an error if you do). Remember to change them to actual/real IPs that you want to block.

Apache >= 2.3

Continue here if you are running Apache version >= 2.3. To block/deny an IP address, add the following line:

Require not ip 123.456.789

...to this code block:

# Apache >= 2.3
<IfModule mod_authz_core.c>
        <RequireAll>
                Require all Granted
                Require not env bad_bot
        </RequireAll>
</IfModule>

Here is how it will look when added:

# Apache >= 2.3
<IfModule mod_authz_core.c>
        <RequireAll>
                Require all Granted
                Require not env bad_bot
                Require not ip 123.456.789
        </RequireAll>
</IfModule>

Notice the line added after the bad_bot rule. That is all that needs to be done. Here is an example showing how to block five imaginary IPs:

# Apache >= 2.3
<IfModule mod_authz_core.c>
        <RequireAll>
                Require all Granted
                Require not env bad_bot
                Require not ip 123.456.789
                Require not ip 456.789.123
                Require not ip 789.123.456
                Require not ip 000.111.222
                Require not ip 333.444.555
        </RequireAll>
</IfModule>

And so forth, you can block as many IP addresses as you want, but remember to keep an eye on performance if the number gets too insane.

Note: The IP addresses used in this example are not real and should not be added to Apache config or .htaccess (you’ll get an error if you do). Remember to change them to actual/real IPs that you want to block.
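The following is an added example, not part of the original post or the 6G Firewall: a small Python helper that validates a list of addresses before they go into either block, so placeholders like 123.456.789 are caught before Apache errors on them, and merges duplicates and adjacent ranges to keep the rule count down. The function names and the sample addresses (documentation-reserved ranges) are assumptions made for illustration.

```python
import ipaddress

def build_block_lines(entries, new_apache=True):
    """Validate IPs/CIDRs; return (directive lines, rejected entries)."""
    nets, rejected = {4: [], 6: []}, []
    for raw in entries:
        text = raw.strip()
        if not text or text.startswith("#"):
            continue  # skip blanks and comments in the input list
        try:
            # strict parsing: "203.0.113.7/24" (host bits set) is rejected
            # rather than silently widened to a whole /24
            net = ipaddress.ip_network(text)
        except ValueError:
            rejected.append(text)  # e.g. the post's 123.456.789 placeholder
            continue
        nets[net.version].append(net)
    prefix = "Require not ip " if new_apache else "Deny from "
    lines = []
    for version in (4, 6):
        # collapse_addresses drops duplicates and merges adjacent/overlapping ranges
        for net in ipaddress.collapse_addresses(nets[version]):
            single = net.num_addresses == 1
            lines.append(prefix + (str(net.network_address) if single else str(net)))
    return lines, rejected

def render_6g_block(entries, new_apache=True):
    """Wrap the generated lines in the 6G block shown in the post."""
    lines, _ = build_block_lines(entries, new_apache)
    if new_apache:
        head = ["# Apache >= 2.3", "<IfModule mod_authz_core.c>", "\t<RequireAll>",
                "\t\tRequire all Granted", "\t\tRequire not env bad_bot"]
        tail, pad = ["\t</RequireAll>", "</IfModule>"], "\t\t"
    else:
        head = ["# Apache < 2.3", "<IfModule !mod_authz_core.c>",
                "\tOrder Allow,Deny", "\tAllow from all", "\tDeny from env=bad_bot"]
        tail, pad = ["</IfModule>"], "\t"
    return "\n".join(head + [pad + l for l in lines] + tail)

# Constructed sample input (documentation-reserved ranges, not real offenders)
SAMPLE = ["198.51.100.7", "198.51.100.7", "203.0.113.0/25", "203.0.113.128/25",
          "123.456.789", "2001:db8::1", "# note"]

if __name__ == "__main__":
    print(render_6g_block(SAMPLE, new_apache=True))
    print("rejected:", build_block_lines(SAMPLE)[1])
```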

About Blocking IP Addresses

Apache-based firewalls and blacklists can block just about any part of a URI request: IP address, user agent, request string, query string, referrer, and everything in between. But IP addresses change constantly, and user agents and referrers are easily spoofed. As discussed, blocking via request string yields the best results: greater protection with fewer false positives.

With that in mind, the 6G Firewall makes it easy to deny access based on IP address. This provides a convenient way for admins to block unwanted visitors and bots. But keep in mind that denying access based on IP is a temporary strategy, best suited for quickly blocking specific threats.




from Perishable Press https://ift.tt/2Ka39f7
