You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by el kalin <ka...@el.net> on 2015/03/14 00:17:48 UTC
[users@httpd] ESTABLISHED connections
if i have this in the
<Directory "/server/doc/root">
Order allow,deny
Allow from all
deny from 111.10.250.188
</Directory>
how come this:
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.21806
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.21805
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23202
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23188
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22544
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22490
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23364
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23365
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22825
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22751
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22561
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22340
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22339
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23151
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23159
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22698
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22512
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22457
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22416
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22403
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23377
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23376
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23105
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23108
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22803
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22135
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.dcap
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.21924
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.21923
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23329
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23319
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22546
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22545
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22139
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.21694
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.21658
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23075
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23074
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23026
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23025
ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.inovapo
ESTABLISHED
this is growing with every netstat i do. any ideas???
thanks…
Re: [users@httpd] ESTABLISHED connections
Posted by Mark Montague <ma...@catseye.org>.
On 2015-03-13 19:17, el kalin wrote:
> if i have this in the
>
> <Directory "/server/doc/root">
> Order allow,deny
> Allow from all
> deny from 111.10.250.188
> </Directory>
>
> how come this:
>
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.21806
> ESTABLISHED
Your configuration says "do not serve anything from the filesystem under
/server/doc/root to IP address 111.10.250.188". But httpd does not know
what the client will request, until the client connects and actually
makes the request. The client might ask for something else that httpd
is allowed to serve to 111.10.250.188.
If you want to prevent the client from connecting, instead of
restricting what the client is allowed to request after it connects, use
a firewall.
--
Mark Montague
mark@catseye.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] ESTABLISHED connections
Posted by Gary Smith <Ga...@holdstead.com>.
But isn't that what he's trying to do or did I misread it? He wants to deny everything on the block list (i.e. the one IP) and allow everything else.
________________________________________
From: Eric Covener [covener@gmail.com]
Sent: Friday, March 13, 2015 4:44 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] ESTABLISHED connections
On Fri, Mar 13, 2015 at 7:21 PM, Gary Smith <Ga...@holdstead.com> wrote:
> Order deny,allow
>
> Allow from all
> deny from 111.10.250.188
"deny,allow" means deny directives are processed before allow
directives. So this is clearly wrong.
95% of the time, if the order in the config differs from the order in
the Order directive itself, it's probably worth a second look.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] ESTABLISHED connections
Posted by Eric Covener <co...@gmail.com>.
On Fri, Mar 13, 2015 at 7:21 PM, Gary Smith <Ga...@holdstead.com> wrote:
> Order deny,allow
>
> Allow from all
> deny from 111.10.250.188
"deny,allow" means deny directives are processed before allow
directives. So this is clearly wrong.
95% of the time, if the order in the config differs from the order in
the Order directive itself, it's probably worth a second look.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] ESTABLISHED connections
Posted by Gary Smith <Ga...@holdstead.com>.
Try flipping the order to deny first. This is a first match rule IIRC, and since the first rule is Allow from all, the deny isn't hit.
<Directory "/server/doc/root">
Order deny,allow
Allow from all
deny from 111.10.250.188
</Directory>
Sorry for the top post...
________________________________
From: el kalin [kalin@el.net]
Sent: Friday, March 13, 2015 4:17 PM
To: users@httpd.apache.org
Subject: [users@httpd] ESTABLISHED connections
if i have this in the
<Directory "/server/doc/root">
Order allow,deny
Allow from all
deny from 111.10.250.188
</Directory>
how come this:
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.21806 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.21805 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23202 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23188 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22544 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22490 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23364 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23365 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22825 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22751 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22561 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22340 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22339 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23151 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23159 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22698 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22512 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22457 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22416 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22403 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23377 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23376 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23105 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23108 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22803 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22135 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.dcap ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.21924 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.21923 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23329 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23319 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22546 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22545 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22139 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.21694 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.21658 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23075 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23074 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23026 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23025 ESTABLISHED
tcp 0 0 ip-10-102-190-93.http 111.10.250.188.inovapo ESTABLISHED
this is growing with every netstat i do. any ideas???
thanks…
Re: [users@httpd] ESTABLISHED connections
Posted by Igor Cicimov <ic...@gmail.com>.
On 14/03/2015 2:21 PM, "el kalin" <ka...@el.net> wrote:
>
> i don't see it in package ports…
>
> On Fri, Mar 13, 2015 at 7:59 PM, Jim Albert <ji...@netrition.com> wrote:
>>
>> On 3/13/2015 7:54 PM, el kalin wrote:
>>>
>>>
>>>
>>> On Fri, Mar 13, 2015 at 7:36 PM, Jim Albert <jim@netrition.com
>>> <ma...@netrition.com>> wrote:
>>>
>>> On 3/13/2015 7:17 PM, el kalin wrote:
>>>
>>>
>>> if i have this in the
>>>
>>> <Directory "/server/doc/root">
>>>
>>> Order allow,deny
>>> Allow from all
>>> deny from 111.10.250.188
>>> </Directory>
>>> ESTABLISHED
>>> tcp 0 0 ip-10-102-190-93.http
111.10.250.188.inovapo
>>> ESTABLISHED
>>>
>>>
>>> this is growing with every netstat i do. any ideas???
>>>
>>> thanks…
>>>
>>>
>>> I believe your Order allow, deny is correct.
>>>
>>>
>>> i believe so too...
>>>
>>> You are controlling what can be served by Apache, but not the actual
>>> network connection to your Apache server, hence the continued
>>> entries in your connection table. I would assume your Apache error
>>> log is spewing lots of access denied or such errors indicating your
>>> deny is working.
>>>
>>>
>>> If you really want to keep a given an IP address completely out of
>>> Apache, block it in iptables or better yet the firewall behind which
>>> your Apache server sits, but iptables will do it.
>>>
>>>
>>> i'm aware. the problem is that this is an netbsd ec2 (amazon instance)
>>> and the only "firewall" right now is the security groups that service
>>> offers. those are not meant to block individual ips. they are rather all
>>> exclusive. so my only other option was pf. which i'm used to but it
>>> appears that the whole dynamic kernel module loading is screwed up
>>> because of the kernel build to fit xen… and so on…
>>
>>
>> iptables?
>>
>>
>> --
>> Jim Albert
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>
Thought I would mention another option just for the record. If you compile
apache yourself you can compile it with libwrap support and use tcp
wrappers to deny host. Put the host in /etc/hosts.deny and you are done.
httpd: 111.10.250.188/32
or
apache2: 111.10.250.188/32
depends on the name of your binary.
Re: [users@httpd] ESTABLISHED connections
Posted by el kalin <ka...@el.net>.
i don't see it in package ports…
On Fri, Mar 13, 2015 at 7:59 PM, Jim Albert <ji...@netrition.com> wrote:
> On 3/13/2015 7:54 PM, el kalin wrote:
>
>>
>>
>> On Fri, Mar 13, 2015 at 7:36 PM, Jim Albert <jim@netrition.com
>> <ma...@netrition.com>> wrote:
>>
>> On 3/13/2015 7:17 PM, el kalin wrote:
>>
>>
>> if i have this in the
>>
>> <Directory "/server/doc/root">
>>
>> Order allow,deny
>> Allow from all
>> deny from 111.10.250.188
>> </Directory>
>> ESTABLISHED
>> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.inovapo
>> ESTABLISHED
>>
>>
>> this is growing with every netstat i do. any ideas???
>>
>> thanks…
>>
>>
>> I believe your Order allow, deny is correct.
>>
>>
>> i believe so too...
>>
>> You are controlling what can be served by Apache, but not the actual
>> network connection to your Apache server, hence the continued
>> entries in your connection table. I would assume your Apache error
>> log is spewing lots of access denied or such errors indicating your
>> deny is working.
>>
>>
>> If you really want to keep a given an IP address completely out of
>> Apache, block it in iptables or better yet the firewall behind which
>> your Apache server sits, but iptables will do it.
>>
>>
>> i'm aware. the problem is that this is an netbsd ec2 (amazon instance)
>> and the only "firewall" right now is the security groups that service
>> offers. those are not meant to block individual ips. they are rather all
>> exclusive. so my only other option was pf. which i'm used to but it
>> appears that the whole dynamic kernel module loading is screwed up
>> because of the kernel build to fit xen… and so on…
>>
>
> iptables?
>
>
> --
> Jim Albert
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] ESTABLISHED connections
Posted by Jim Albert <ji...@netrition.com>.
On 3/13/2015 7:54 PM, el kalin wrote:
>
>
> On Fri, Mar 13, 2015 at 7:36 PM, Jim Albert <jim@netrition.com
> <ma...@netrition.com>> wrote:
>
> On 3/13/2015 7:17 PM, el kalin wrote:
>
>
> if i have this in the
>
> <Directory "/server/doc/root">
>
> Order allow,deny
> Allow from all
> deny from 111.10.250.188
> </Directory>
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.inovapo
> ESTABLISHED
>
>
> this is growing with every netstat i do. any ideas???
>
> thanks…
>
>
> I believe your Order allow, deny is correct.
>
>
> i believe so too...
>
> You are controlling what can be served by Apache, but not the actual
> network connection to your Apache server, hence the continued
> entries in your connection table. I would assume your Apache error
> log is spewing lots of access denied or such errors indicating your
> deny is working.
>
>
> If you really want to keep a given an IP address completely out of
> Apache, block it in iptables or better yet the firewall behind which
> your Apache server sits, but iptables will do it.
>
>
> i'm aware. the problem is that this is an netbsd ec2 (amazon instance)
> and the only "firewall" right now is the security groups that service
> offers. those are not meant to block individual ips. they are rather all
> exclusive. so my only other option was pf. which i'm used to but it
> appears that the whole dynamic kernel module loading is screwed up
> because of the kernel build to fit xen… and so on…
iptables?
--
Jim Albert
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] ESTABLISHED connections
Posted by el kalin <ka...@el.net>.
On Fri, Mar 13, 2015 at 7:36 PM, Jim Albert <ji...@netrition.com> wrote:
> On 3/13/2015 7:17 PM, el kalin wrote:
>
>>
>> if i have this in the
>>
>> <Directory "/server/doc/root">
>>
>> Order allow,deny
>> Allow from all
>> deny from 111.10.250.188
>> </Directory>
>> ESTABLISHED
>> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.inovapo
>> ESTABLISHED
>>
>>
>> this is growing with every netstat i do. any ideas???
>>
>> thanks…
>>
>
> I believe your Order allow, deny is correct.
>
i believe so too...
> You are controlling what can be served by Apache, but not the actual
> network connection to your Apache server, hence the continued entries in
> your connection table. I would assume your Apache error log is spewing lots
> of access denied or such errors indicating your deny is working.
> If you really want to keep a given an IP address completely out of Apache,
> block it in iptables or better yet the firewall behind which your Apache
> server sits, but iptables will do it.
i'm aware. the problem is that this is an netbsd ec2 (amazon instance) and
the only "firewall" right now is the security groups that service offers.
those are not meant to block individual ips. they are rather all exclusive.
so my only other option was pf. which i'm used to but it appears that the
whole dynamic kernel module loading is screwed up because of the kernel
build to fit xen… and so on…
> --
> Jim Albert
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] ESTABLISHED connections
Posted by Jim Albert <ji...@netrition.com>.
On 3/13/2015 7:17 PM, el kalin wrote:
>
> if i have this in the
>
> <Directory "/server/doc/root">
>
> Order allow,deny
> Allow from all
> deny from 111.10.250.188
> </Directory>
>
> how come this:
>
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.21806
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.21805
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23202
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23188
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22544
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22490
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23364
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23365
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22825
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22751
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22561
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22340
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22339
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23151
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23159
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22698
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22512
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22457
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22416
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22403
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23377
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23376
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23105
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23108
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22803
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22135
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.dcap
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.21924
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.21923
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23329
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23319
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22546
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22545
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.22139
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.21694
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.21658
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23075
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23074
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23026
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.23025
> ESTABLISHED
> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.inovapo
> ESTABLISHED
>
>
> this is growing with every netstat i do. any ideas???
>
> thanks…
I believe your Order allow, deny is correct.
You are controlling what can be served by Apache, but not the actual
network connection to your Apache server, hence the continued entries in
your connection table. I would assume your Apache error log is spewing
lots of access denied or such errors indicating your deny is working.
If you really want to keep a given an IP address completely out of
Apache, block it in iptables or better yet the firewall behind which
your Apache server sits, but iptables will do it.
--
Jim Albert
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org