How to block ips to access my webserver

Hi All,

I need help for blocking multiple ip actually from last 8-10 days multiple ip hitting my server from domain continously so want to block this

Details of servers and services

Server Linux on EC2 Lighttpd LB(load balancer in AWS)

In aws they are not providing facilities to block ip before hitting the LB so we can’t block the ip before the LB and in LB security group also we can’t block IPs in the security group

So following things i tried

Attempt 1 – Throght Lighttpd configuration

I added a module “mod_extforward” in lighttpd

then added extforward.forwarder = ("myip" => "trust") to lighttpd.conf

and added this for blocking such IP’s

$HTTP =~ "||||||||" {
url.access-deny = ( "" )

Attempt 2 – Blocking IP’s throught IP tables firewall i blocked but its not working

/sbin/iptables -I INPUT -s -j DROP

Attempt 3 – Blocking IP’s throught IP route add i blocked but its not working

/sbin/route add -host reject

Can anyone help me on this how to block this IP access in my server

Regards Nitesh

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

You must add an IPTABLE rule in order to block a ip address. You’ve done it slightly incorrectly in your second attempt, unfortunately. Here’s the correct way:

sudo iptables -A INPUT -s [IP ADDRESS] -j DROP

Replace the IP ADDRESS with the offending IP, and hit enter!

The -A stands for Append, and by doing so you will add the rule at the bottom of the table. When you tried earlier on, you used -I which stands for Insert - and the proper syntax for that would require an line number.

To see the line numbers, do:

sudo iptables -L --line-numbers

And to insert the rule at an specific line number, just do:

sudo iptables -I INPUT [linenumber] -s [IP ADDRESS] -j DROP

This comment has been deleted