By mymedeesite
Hi All,
I need help for blocking multiple ip actually from last 8-10 days multiple ip hitting my server from susapi.lenovomm.com domain continously so want to block this
Details of servers and services
Server Linux on EC2 Lighttpd LB(load balancer in AWS)
In aws they are not providing facilities to block ip before hitting the LB so we can’t block the ip before the LB and in LB security group also we can’t block IPs in the security group
So following things i tried
Attempt 1 – Throght Lighttpd configuration
I added a module “mod_extforward” in lighttpd
then added extforward.forwarder = ("myip" => "trust")
to lighttpd.conf
and added this for blocking such IP’s
$HTTP =~ "203.82.66.237|203.82.66.231|203.82.66.239|203.82.66.230|203.82.66.233|203.82.66.235|203.82.66.238|203.82.66.228|" {
url.access-deny = ( "" )
}
Attempt 2 – Blocking IP’s throught IP tables firewall i blocked but its not working
/sbin/iptables -I INPUT -s 203.82.66.237 -j DROP
Attempt 3 – Blocking IP’s throught IP route add i blocked but its not working
/sbin/route add -host 203.82.66.239 reject
Can anyone help me on this how to block this IP access in my server
Regards Nitesh
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
You must add an IPTABLE rule in order to block a ip address. You’ve done it slightly incorrectly in your second attempt, unfortunately. Here’s the correct way:
sudo iptables -A INPUT -s [IP ADDRESS] -j DROP
Replace the IP ADDRESS with the offending IP, and hit enter!
The -A stands for Append, and by doing so you will add the rule at the bottom of the table. When you tried earlier on, you used -I which stands for Insert - and the proper syntax for that would require an line number.
To see the line numbers, do:
sudo iptables -L --line-numbers
And to insert the rule at an specific line number, just do:
sudo iptables -I INPUT [linenumber] -s [IP ADDRESS] -j DROP
This comment has been deleted
Heya,
-
Your approach using the
mod_extforwardmodule and blocking IP addresses in lighttpd should work. Ensure that you’ve reloaded or restarted the lighttpd service after making the configuration changes. Also, double-check the syntax of your configuration for any errors. -
iptables (Attempt 2): If you’re using iptables to block IP addresses, make sure you’ve saved the rules after adding them. Use the following commands to save your iptables rules:
- sudo service iptables save sudo service iptables restart
Additionally, you may need to check if there are any other rules in your iptables configuration that might be conflicting or allowing the traffic.
The ip route add command is typically used for routing rather than blocking traffic. Instead, you should use the iptables command to block traffic. You can remove the rule you added with the following command:
- sudo iptables -D INPUT -s 203.82.66.237 -j DROP
Remember that blocking IPs should be done carefully to avoid unintended consequences, such as blocking legitimate users. Always maintain a backup of your configuration and have a plan for handling false positives or unintended blocks.
Hope that this helps!
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.