How to block ips to access my webserver

December 4, 2014 12.9k views

Hi All,

I need help for blocking multiple ip
actually from last 8-10 days multiple ip hitting my server from domain continously
so want to block this

Details of servers and services

Server Linux on EC2
LB(load balancer in AWS)

In aws they are not providing facilities to block ip before hitting the LB so we can't block the ip before the LB
and in LB security group also we can't block IPs in the security group

So following things i tried

Attempt 1 – Throght Lighttpd configuration

I added a module "mod_extforward" in lighttpd

then added extforward.forwarder = ("myip" => "trust")
to lighttpd.conf

and added this for blocking such IP's

$HTTP =~ "||||||||" {
url.access-deny = ( "" )

Attempt 2 – Blocking IP's throught IP tables firewall i blocked but its not working

/sbin/iptables -I INPUT -s -j DROP

Attempt 3 – Blocking IP's throught IP route add i blocked but its not working

/sbin/route add -host reject

Can anyone help me on this how to block this IP access in my server


2 Answers

You must add an IPTABLE rule in order to block a ip address. You've done it slightly incorrectly in your second attempt, unfortunately. Here's the correct way:

sudo iptables -A INPUT -s [IP ADDRESS] -j DROP

Replace the IP ADDRESS with the offending IP, and hit enter!

The -A stands for Append, and by doing so you will add the rule at the bottom of the table. When you tried earlier on, you used -I which stands for Insert - and the proper syntax for that would require an line number.

To see the line numbers, do:

sudo iptables -L --line-numbers

And to insert the rule at an specific line number, just do:

sudo iptables -I INPUT [linenumber] -s [IP ADDRESS] -j DROP
Have another answer? Share your knowledge.