How to block ips to access my webserver

December 4, 2014 12.1k views

Hi All,

I need help for blocking multiple ip
actually from last 8-10 days multiple ip hitting my server from domain continously
so want to block this

Details of servers and services

Server Linux on EC2
LB(load balancer in AWS)

In aws they are not providing facilities to block ip before hitting the LB so we can't block the ip before the LB
and in LB security group also we can't block IPs in the security group

So following things i tried

Attempt 1 – Throght Lighttpd configuration

I added a module "mod_extforward" in lighttpd

then added extforward.forwarder = ("myip" => "trust")
to lighttpd.conf

and added this for blocking such IP's

$HTTP =~ "||||||||" {
url.access-deny = ( "" )

Attempt 2 – Blocking IP's throught IP tables firewall i blocked but its not working

/sbin/iptables -I INPUT -s -j DROP

Attempt 3 – Blocking IP's throught IP route add i blocked but its not working

/sbin/route add -host reject

Can anyone help me on this how to block this IP access in my server


2 Answers

You must add an IPTABLE rule in order to block a ip address. You've done it slightly incorrectly in your second attempt, unfortunately. Here's the correct way:

sudo iptables -A INPUT -s [IP ADDRESS] -j DROP

Replace the IP ADDRESS with the offending IP, and hit enter!

The -A stands for Append, and by doing so you will add the rule at the bottom of the table. When you tried earlier on, you used -I which stands for Insert - and the proper syntax for that would require an line number.

To see the line numbers, do:

sudo iptables -L --line-numbers

And to insert the rule at an specific line number, just do:

sudo iptables -I INPUT [linenumber] -s [IP ADDRESS] -j DROP

@peterpacz1 I agree with your method and to add on that you might want to take a look at fail2ban the instructions can be found at digital ocean community.
Hope that helps

by Etel Sverdlov
fail2ban provides a way to automatically protect virtual servers from malicious behavior. This tutorial shows you how to download the required EPEL repository needed to install Fail2Ban, copy the Configuration File, configure the fail2ban defaults, and configure the ssh defaults. This tutorial describes the required steps to set up fail2ban on CentOS.
Have another answer? Share your knowledge.