[users@httpd] 'Deny from' implications

[Charles Michener <mi...@yahoo.com>]

I have a 'not too bright' router that does not allow me to block naughty IP's from my Apache 2.2 server so I am successfully blocking them from Apache using the 'Deny from' directive.

What performance load do I get as I add more IP's to my Deny list?

Is it better to keep adding separate 'Deny from xxxx' lines or should I be using one line: 'Deny from xxxx yyyy zzzz ...'

Charles Michener

       
---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile.  Try it now.

Re: [users@httpd] 'Deny from' implications

[Christian Folini <ch...@post.ch>]

On Sat, Dec 08, 2007 at 10:25:06AM -0800, Charles Michener wrote:
> I have a 'not too bright' router that does not allow me to block naughty IP's from my Apache 2.2 server so I am successfully blocking them from Apache using the 'Deny from' directive.
> 
> What performance load do I get as I add more IP's to my Deny list?
> 
> Is it better to keep adding separate 'Deny from xxxx' lines or should I be using one line: 'Deny from xxxx yyyy zzzz ...'

How many addresses do you want to block that way?
Dozens? Hundreds? Thousands? Naughty IP's sounds dynamic.
Not sure Apache is the best place to block them. Ever thought
about a firewall?

Otherwise: Try to find out with apache bench (ab). It's really quite
simple. If you stick to reasonable numbers, I do not see much
of a performance problem.

regs,

Christian


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org