Posted to users@httpd.apache.org by "S.A. Birl" <sb...@concept.temple.edu> on 2005/03/20 19:48:27 UTC
[users@httpd] TCPwrappers
I couldn't properly search the archives (nor apache.org) for an answer:
Are the TCPwrappers supported?
Thanks.
Birl
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] TCPwrappers
Posted by Noah <si...@onastick.net>.
On Mon, Mar 21, 2005 at 08:16:10AM +1200, Bruce Kingsbury wrote:
> On a semirelated note; I use this little cron job in a (fairly
> pointless and unsuccessful) attempt to block address harvesters
> identified by the honeynet project
>
> echo "" > html/.htaccess
>
> lynx --source http://www.projecthoneypot.org/bots_and_servers.php \
> | grep bnone | sed -es"/<\/a>//" -es"/.*>/deny from /" >> html/.htaccess
<random>
This could be better written as:
lynx --source http://www.projecthoneypot.org/bots_and_servers.php \
| grep bnone | sed -es"/<\/a>//" -es"/.*>/deny from /" > html/.htaccess.tmp
(insert some code to sanity-check the result of the fetch here)
cp html/.htaccess html/.htaccess-prev
mv html/.htaccess.tmp html/.htaccess
This ensures that:
a) your current config is backed up
b) network timeouts to projecthoneypot.org don't leave you exposed
for $SOME_NUM seconds
</random>
--n
--
<huey> dd of=/dev/fd0 if=/dev/flippy bs=1024
<huey> ^^^ Making Flippy Floppy
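
The sanity check and swap that the message above leaves as a placeholder, written out as an added example that is not part of the original thread. The function names, the constructed sample HTML (assumed to match the layout the thread's grep/sed pipeline expects) and the minimum rule count are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Sample HTML is constructed; the real
# page layout is assumed to match what the thread's grep/sed pipeline expects.

# Same transformation as the cron job: HTML on stdin, "deny from" rules on stdout.
extract_rules() {
    grep bnone | sed -e 's/<\/a>//' -e 's/.*>/deny from /'
}

# Succeed only if the file has at least $2 lines and every line is exactly
# "deny from <dotted quad>" with each octet in 0-255.
validate_rules() {
    [ -s "$1" ] || return 1
    awk -v min="${2:-1}" '
        !/^deny from [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { bad = 1; exit }
        { split($3, o, "."); for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) { bad = 1; exit } }
        { n++ }
        END { exit (bad || n < min) }
    ' "$1"
}

# Validate the candidate, back up the live file, then rename into place.
# The candidate must sit in the same directory so that mv is a rename.
install_rules() {
    if ! validate_rules "$1" "${3:-1}"; then
        rm -f "$1"
        return 1
    fi
    if [ -f "$2" ]; then cp -p "$2" "$2-prev"; fi
    mv "$1" "$2"
}

# Constructed sample inputs: a usable page and an error page from a failed fetch.
sample_good() {
    printf '%s\n' '<td class="bnone"><a href="/ip_192.0.2.10">192.0.2.10</a>' \
                  '<td class="other">ignored</td>' \
                  '<td class="bnone"><a href="/ip_198.51.100.7">198.51.100.7</a>'
}
sample_bad() {
    printf '%s\n' '<td class="bnone">Service unavailable</td>'
}

# Cron usage (paths from the thread; the minimum of 10 rules is an assumption):
#   lynx --source http://www.projecthoneypot.org/bots_and_servers.php \
#     | extract_rules > html/.htaccess.tmp \
#     && install_rules html/.htaccess.tmp html/.htaccess 10
```

The pipeline's exit status is sed's, so a failed fetch still "succeeds" with an empty or garbage file; the validation step is what keeps it from replacing the working .htaccess.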
Re: [users@httpd] TCPwrappers
Posted by Bruce Kingsbury <zc...@maxnet.co.nz>.
S.A. Birl wrote:
>On Mar 21, Bruce Kingsbury (nospam-zcat@maxnet.co.nz.ns) typed:
>
>Bruce: I always thought tcpwrappers was deprecated. use iptables.
>
>
>Solaris 9 has IPtables? I thought that was a Linux thing.
>
>
I assume solaris has some equivalent firewalling feature.
On a semirelated note; I use this little cron job in a (fairly
pointless and unsuccessful) attempt to block address harvesters
identified by the honeynet project
echo "" > html/.htaccess
lynx --source http://www.projecthoneypot.org/bots_and_servers.php \
| grep bnone | sed -es"/<\/a>//" -es"/.*>/deny from /" >> html/.htaccess
Just sharing something before I hit you with the 'real' problem I
subscribed for ;-)
Re: [users@httpd] TCPwrappers
Posted by "S.A. Birl" <sb...@concept.temple.edu>.
On Mar 21, Bruce Kingsbury (nospam-zcat@maxnet.co.nz.ns) typed:
Bruce: I always thought tcpwrappers was deprecated. use iptables.
Solaris 9 has IPtables? I thought that was a Linux thing.
Re: [users@httpd] TCPwrappers
Posted by Noah <si...@onastick.net>.
On Mon, Mar 21, 2005 at 07:27:18AM +1200, Bruce Kingsbury wrote:
> S.A. Birl wrote:
>
> I always thought tcpwrappers was deprecated. use iptables.
Or IPFilter (solaris, {net,free}bsd, irix, hpux). Or pf (openbsd). ;)
--n
--
<huey> dd of=/dev/fd0 if=/dev/flippy bs=1024
<huey> ^^^ Making Flippy Floppy
Re: [users@httpd] TCPwrappers
Posted by Bruce Kingsbury <zc...@maxnet.co.nz>.
S.A. Birl wrote:
>On Mar 20, Joshua Slive (nospam-jslive@gmail.com.ns) typed:
>
>Joshua: On Sun, 20 Mar 2005 13:48:27 -0500 (EST), S.A. Birl
>Joshua: <sb...@concept.temple.edu> wrote:
>Joshua: > I couldn't properly search the archives (nor apache.org) for an answer:
>Joshua: >
>Joshua: > Are the TCPwrappers supported?
>Joshua:
>Joshua: No. (Well, you could use them via inetd, but running apache in inetd
>Joshua: mode is not recommended.) Apache has its own access controls.
>Joshua:
>Joshua: I seem to recall someone having a module that allowed apache to read
>Joshua: /etc/hosts.(allow|deny). But I can't find it now.
>
>
>I'm already using Apache's Deny,Allow rules.
>
>I have a list of IPs that I have permanently banned for trying to hack me.
>
>However, Apache still accepts the connection and kicks back a 403. I'm
>looking for a way for Apache to just ignore the connect like the
>TCPwrappers would do.
>
>Any idea on how to do that?
>
>
I always thought tcpwrappers was deprecated. use iptables.
Re: [users@httpd] TCPwrappers
Posted by "S.A. Birl" <sb...@concept.temple.edu>.
On Mar 20, Joshua Slive (nospam-jslive@gmail.com.ns) typed:
Joshua: On Sun, 20 Mar 2005 13:48:27 -0500 (EST), S.A. Birl
Joshua: <sb...@concept.temple.edu> wrote:
Joshua: > I couldn't properly search the archives (nor apache.org) for an answer:
Joshua: >
Joshua: > Are the TCPwrappers supported?
Joshua:
Joshua: No. (Well, you could use them via inetd, but running apache in inetd
Joshua: mode is not recommended.) Apache has its own access controls.
Joshua:
Joshua: I seem to recall someone having a module that allowed apache to read
Joshua: /etc/hosts.(allow|deny). But I can't find it now.
I'm already using Apache's Deny,Allow rules.
I have a list of IPs that I have permanently banned for trying to hack me.
However, Apache still accepts the connection and kicks back a 403. I'm
looking for a way for Apache to just ignore the connect like the
TCPwrappers would do.
Any idea on how to do that?
Thanks.
Re: [users@httpd] TCPwrappers
Posted by Joshua Slive <js...@gmail.com>.
On Sun, 20 Mar 2005 13:48:27 -0500 (EST), S.A. Birl
<sb...@concept.temple.edu> wrote:
> I couldn't properly search the archives (nor apache.org) for an answer:
>
> Are the TCPwrappers supported?
No. (Well, you could use them via inetd, but running apache in inetd
mode is not recommended.) Apache has its own access controls.
I seem to recall someone having a module that allowed apache to read
/etc/hosts.(allow|deny). But I can't find it now.
Joshua.