开发者

Apache block an ip address from accessing the website

开发者 https://www.devze.com 2023-01-07 09:26 出处:网络
someone trying to access pages like //mysqladmin//scripts/setup.php Is it some hack attempt or .. ? If yes then how i can block its ip from acc开发者_如何学运维essing mine website ?

someone trying to access pages like

//mysqladmin//scripts/setup.php

Is it some hack attempt or .. ?

If yes then how i can block its ip from acc开发者_如何学运维essing mine website ?

Via htaccess or something else ?


As an update to this old question for those who still land here:

Order Allow Deny are deprecated as of Apache 2.4 and Require should be used.

<RequireAll>
    Require all granted
    Require not ip 1.2.3.4
</RequireAll>

Ranges, netmasks, etc. can also be specified.

https://httpd.apache.org/docs/2.4/mod/mod_access_compat.html (Deprecated) https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require


To block special IP addresses you can put the following in a .htaccess file located in your directory, you like to restrict:

order allow,deny
deny from 1.2.3.4
allow from all

Where 1.2.3.4 is the IP you like to block.

But note that IP adresses change users and also attackers change IP adresses.

So this will not secure your application and potentially block leagal visitors.

The better solution will be to make sure your script does not accept malicious paths.

  1. Append a base path to the path you get from the user
  2. Make sure the path you get from the user does not contain '../'
0

精彩评论

暂无评论...
验证码 换一张
取 消