[users@httpd] blacklisting

[Will Fatherley <we...@gmail.com>]

Hi All,

I have been using A2 for a few years now, but I've not really needed to
implement any deny/black-listing because I simply have no meaningful
security/traffic constraints. In moving forward with development on top of
A2 which does have security implications, I'm hoping it might be possible
that folks might be willing to share how they store blocked remote
addresses. For instance, are relational datastores and other such objects
typically required at the enterprise level to store blocked addresses? Or
is a plaintext file suitable from an efficiency standpoint?

Best,
Will F

Re: [users@httpd] blacklisting

[Marc Serra <ms...@manxa.com>]

We are using a border firewall too. This firewall includes an option to
auto update "list of bad IP" from a proprietary database.

Also you can use a public bad IP list, for example:
https://feodotracker.abuse.ch/blocklist/ or
https://github.com/mlsecproject/combine/wiki/Threat-Intelligence-Feeds-Gathered-by-Combine,
and create a crontab script to parse this list and update your .htaccess
file

Missatge de Jim Albert <ji...@netrition.com> del dia dj., 17 de juny 2021 a
les 3:30:

> On 6/16/2021 9:05 PM, Will Fatherley wrote:
> > Hi All,
> >
> > I have been using A2 for a few years now, but I've not really needed
> > to implement any deny/black-listing because I simply have no
> > meaningful security/traffic constraints. In moving forward with
> > development on top of A2 which does have security implications, I'm
> > hoping it might be possible that folks might be willing to share how
> > they store blocked remote addresses. For instance, are relational
> > datastores and other such objects typically required at the enterprise
> > level to store blocked addresses? Or is a plaintext file suitable from
> > an efficiency standpoint?
> >
> > Best,
> > Will F
>
> I find it easiest to implement blocks at the border firewall especially
> if I'm implementing a stored list of known attack IP addresses. At the
> border firewall I can easily block a set of IP addresses from the WAN to
> all my resources... httpd and others.
>
> Within Apache there are a variety of examples of what you can do at:
> https://httpd.apache.org/docs/2.4/howto/access.html
>
> I'm sure others can add to this advice from their own experiences.
>
> Jim
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

-- 
Marc Serra
Organització i Sistemes

-- 

   
  


 
  
    
  
  
  
     
     Manxa 1876, S.L.
Ctra. Les Tries, 
85.17800 Olot (Girona)
*Tel. 972 27 45 30 www.manxa.com 
<https://www.manxa.com>* 
    _ *Manxa Industrial 
<https://www.manxaindustrial.com>*
_ *Manxa Ferros 
<https://www.manxaferros.com>*
_ *Manxa Ferreteria i Parament de la Llar 
<https://www.manxabricolatge.com>*___
  

  




-- 

Manxa 
1876, S.L. *
Ctra. 
Les Tries, 85. 17800 Olot (Girona)**Tel. 972 27 
45 30 Fax 972 27 45 32*


* Manxa Industrial | *Coneix
més aquí 
<http://www.manxaindustrial.com>



* Manxa Ferros | *Coneix
més aquí 
<http://www.manxaferros.com/>



* Manxa Ferreteria i Parament de la Llar | 
*Coneix
més aquí <https://www.manxabricolatge.com>


**

-- 


El contingut d’aquest correu electrònic i els seus annexos és 
estrictament confidencial. En el cas que no siguis el destinatari i hagis 
rebut aquest missatge per error, preguem que ho comuniquis al remitent i 
procedeixis a la seva eliminació, sense difondre, emmagatzemar o copiar el 
seu contingut. Imprimeix aquest correu només si és necessari.

El contenido 
de este correo electrónico y sus anexos es estrictamente confidencial. En 
el caso de que no seas el destinatario y hayas recibido este mensaje por 
error, rogamos lo comuniques al remitente y procedas a su eliminación, sin 
difundir, almacenar o copiar su contenido. Imprimir este correo solo si es 
necesario.

The content of this email and its attachments is strictly 
confidential. If you are not the recipient and you have received this 
message by mistake, please notify the sender and proceed to its 
elimination, without spreading, storing or copying its content. Print this 
email only if necessary.

Le contenu de cet e-mail et de ses pièces jointes 
est strictement confidentiel. Dans le cas où vous n'êtes pas le 
destinataire et avez reçu ce message par erreur, veuillez en informer 
l'expéditeur et procéder à sa suppression, sans diffuser, stocker ou copier 
son contenu. Imprimez cet e-mail uniquement si nécessaire.

Re: [users@httpd] blacklisting

[Jim Albert <ji...@netrition.com>]

On 6/16/2021 9:05 PM, Will Fatherley wrote:
> Hi All,
>
> I have been using A2 for a few years now, but I've not really needed 
> to implement any deny/black-listing because I simply have no 
> meaningful security/traffic constraints. In moving forward with 
> development on top of A2 which does have security implications, I'm 
> hoping it might be possible that folks might be willing to share how 
> they store blocked remote addresses. For instance, are relational 
> datastores and other such objects typically required at the enterprise 
> level to store blocked addresses? Or is a plaintext file suitable from 
> an efficiency standpoint?
>
> Best,
> Will F

I find it easiest to implement blocks at the border firewall especially 
if I'm implementing a stored list of known attack IP addresses. At the 
border firewall I can easily block a set of IP addresses from the WAN to 
all my resources... httpd and others.

Within Apache there are a variety of examples of what you can do at:
https://httpd.apache.org/docs/2.4/howto/access.html

I'm sure others can add to this advice from their own experiences.

Jim


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org