Question

How to block ips to access my webserver

Posted December 4, 2014 14.9k views

Hi All,

I need help for blocking multiple ip
actually from last 8-10 days multiple ip hitting my server from susapi.lenovomm.com domain continously
so want to block this

Details of servers and services

Server Linux on EC2
Lighttpd
LB(load balancer in AWS)

In aws they are not providing facilities to block ip before hitting the LB so we can’t block the ip before the LB
and in LB security group also we can’t block IPs in the security group

So following things i tried

Attempt 1 – Throght Lighttpd configuration

I added a module “mod_extforward” in lighttpd

then added extforward.forwarder = ("myip" => "trust")
to lighttpd.conf

and added this for blocking such IP’s

$HTTP =~ "203.82.66.237|203.82.66.231|203.82.66.239|203.82.66.230|203.82.66.233|203.82.66.235|203.82.66.238|203.82.66.228|" {
url.access-deny = ( "" )
}

Attempt 2 – Blocking IP’s throught IP tables firewall i blocked but its not working

/sbin/iptables -I INPUT -s 203.82.66.237 -j DROP

Attempt 3 – Blocking IP’s throught IP route add i blocked but its not working

/sbin/route add -host 203.82.66.239 reject

Can anyone help me on this how to block this IP access in my server

Regards
Nitesh

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer

You must add an IPTABLE rule in order to block a ip address. You’ve done it slightly incorrectly in your second attempt, unfortunately. Here’s the correct way:

sudo iptables -A INPUT -s [IP ADDRESS] -j DROP

Replace the IP ADDRESS with the offending IP, and hit enter!

The -A stands for Append, and by doing so you will add the rule at the bottom of the table. When you tried earlier on, you used -I which stands for Insert - and the proper syntax for that would require an line number.

To see the line numbers, do:

sudo iptables -L --line-numbers

And to insert the rule at an specific line number, just do:

sudo iptables -I INPUT [linenumber] -s [IP ADDRESS] -j DROP
Submit an Answer