How to activate ufw for Apache ?

I followed your tutorial to install Apache/Tomcat 8.5 on Debian. Then I followed your advice to install ufw. However Apache does not show in “ufw app list” and it does not seem to filter IP addresses I added with “ufw deny from” Example: ufw deny from /var/log/apache2/access.log … - - [26/Dec/2019:07:41:24 +0100] "GET /myWebApp/servlet/ etc … What have I missed ?

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Site Moderator
Site Moderator badge
December 26, 2019
Accepted Answer

Hi @ZajaczkowskiMathias,

I’ll most probably guess you have put the rule at the bottom. The order of the firewall rules is important. Since you have allowed port 80 for all( I would only assume) at the beginning, this rule will match for all request and the deny rule that comes later will never be matched.

So, if you need to block something particularly, put it at the beginning and then allow all.

To see your rules with a reference number, use this:

sudo ufw status numbered

Then remove the deny rule first that you have added:

sudo ufw delete rule_number_here

Then add it again at the top:

sudo ufw insert 1 deny from xx.xx.xx.xx to any

Regards, KDSys

Hi KDSys, Thanks a lot for your help. Your guess about the place where I put the rule is right!

My ufw status says: Status: active

 To                         Action      From
 --                         ------      ----

[ 1] 22 DENY IN Anywhere [ 2] 50683 ALLOW IN Anywhere [ 3] 80 DENY IN Anywhere [ 4] 443 ALLOW IN Anywhere [ 5] Anywhere DENY IN [ 6] 5432 ALLOW IN Anywhere [ 7] 5555 ALLOW IN Anywhere [ 8] Anywhere DENY IN [ 9] Anywhere DENY IN [10] Anywhere DENY IN [11] Anywhere DENY IN [12] Anywhere DENY IN [13] Anywhere DENY IN [14] Anywhere DENY IN [15] Anywhere DENY IN [16] Anywhere DENY IN [17] Anywhere DENY IN [18] Anywhere DENY IN [19] Anywhere DENY IN [20] Anywhere DENY IN [21] 22 DENY IN Anywhere (v6) [22] 50683 ALLOW IN Anywhere (v6) [23] 80 DENY IN Anywhere (v6) [24] 443 ALLOW IN Anywhere (v6) [25] 5432 ALLOW IN Anywhere (v6) [26] 5555 ALLOW IN Anywhere (v6)

So if I understand you correctly I have to: ufw delete 15 ufw insert 1 deny from to any

That’s what I did and now ufw staus says: Status: active

 To                         Action      From
 --                         ------      ----

[ 1] Anywhere DENY IN [ 2] 22 DENY IN Anywhere [ 3] 50683 ALLOW IN Anywhere [ 4] 80 DENY IN Anywhere [ 5] 443 ALLOW IN Anywhere etc …

Does it look correct ? I’ll check soon my ufw.log and if I see some blocked, I’ll repeat it for my other DENY’s with ufw insert 2(3,4, etc) deny from …

Do I have to do something similar for v6 rules ?

Kind regards.

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Featured on Community

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more
DigitalOcean Cloud Control Panel