

Deny from

Posted on 2005-03-19
Medium Priority
Last Modified: 2010-03-04
When I looked at the access log, I saw from time to time something like this - - [20/Mar/2005:11:07:18 +0800] "SEARCH

What is this, some kind of attack?

I tried placing the "Deny from " lines in the httpd.conf, but I do not know why, still one or two such IPs can pass through. How do I stop this kind of attack from messing up my access log?
Question by:ChanYiuPong

Expert Comment

ID: 13585330
Where did you place the deny from? Do you also have some "Allow from" in your httpd.conf?

But if access is blocked, you'll find a log entry with the status code 403 like - - [19/Mar/2005:17:54:38 +0200] "HEAD /..... HTTP/1.0" 403 - "-" "-" in your access log.

Author Comment

ID: 13585726
Hi caterham,

I have the line inside the document root
I have
  Order allow,deny
  Allow from all
before the line

Never seen the status code 403 before in the access log, do you mean the error log?

Expert Comment

ID: 13590357
Caterham_www is right, it will be in the access log.

An easier way to fight this kind of abuse is to put in your httpd.conf

AllowOverride Limit

And just maintain an .htaccess file inside the website's root directory with

Deny from
Deny from

and so on in the .htaccess



Author Comment

ID: 13591885

Will try that, let's see how it goes for 1 day. Is there any other way to block such attacks rather than waiting until the IP is shown in the log? It seems to be of a pattern but unluckily it is from a lot of different IPs.

Expert Comment

ID: 13592110
If it is from a block of identical IP addresses you can block that range of IPs



you could put

Deny from 23.45.234.

or if the first two match up on all
you could put just the first two


BUT you must be careful while doing this as you may end up blocking legitimate users.

It may be extra work but I find it better to just put the exact IP of the abusers so as to not block legit users.

This may also just be homework or some script kiddy looking for an easy target.

Here are some security tools you should be running to check for an actual breach of security.
AIDE http://www.cs.tut.fi/~rammer/aide.html or
Tripwire http://www.tripwire.org/


chkrootkit http://www.chkrootkit.org is a good one for checking for activity of a root kit being set up.

Armed with these security tools you should be able to detect if your server has been hacked or if it is just noise.

Hope some of this helps.

Author Comment

ID: 13597609
Unluckily I am using Apache on the Windows platform, so the tools cannot be used. I have changed the .htaccess to htaccess format to cope and it is functioning, at least in 8 hours only 1 of such is found.

Accepted Solution

modulo earned 0 total points
ID: 13816880
PAQed with points refunded (250)

Community Support Moderator
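
The check discussed in this thread (a request blocked by `Deny from` shows status 403 in the access log), as an added example that is not part of the original posts: it scans Common Log Format lines for requests using unexpected methods such as SEARCH, reports per IP whether they were answered with 403, and prints `Deny from` lines for the ones that were not. The function names, the list of expected methods and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Common Log Format: host ident user [time] "request" status bytes.
# The request field may contain backslash-escaped quotes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>(?:[^"\\]|\\.)*)" '
    r'(?P<status>\d{3}) \S+'
)

# Assumption: the site only needs these methods; anything else, such as
# the SEARCH requests in the question, counts as unwanted.
EXPECTED_METHODS = {"GET", "HEAD", "POST"}

# Constructed sample lines (documentation-range addresses, not real hosts).
SAMPLE_LOG = r"""
192.0.2.10 - - [20/Mar/2005:11:07:18 +0800] "SEARCH /x HTTP/1.1" 414 338
192.0.2.10 - - [20/Mar/2005:11:09:02 +0800] "GET /index.html HTTP/1.1" 200 1043
198.51.100.7 - - [20/Mar/2005:12:30:41 +0800] "SEARCH /x HTTP/1.1" 403 -
203.0.113.5 - - [20/Mar/2005:13:01:00 +0800] "GET /a\"b HTTP/1.0" 404 210
198.51.100.7 - - [20/Mar/2005:14:00:00 +0800] "SEARCH /x HTTP/1.1" 403 -
"""

def parse(line):
    """Return (ip, method, status) or None for a line that does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    method = m["request"].split(" ", 1)[0]
    return m["ip"], method, int(m["status"])

def audit(lines, expected=EXPECTED_METHODS):
    """Count unexpected-method requests per IP, split by 403 or not."""
    seen = defaultdict(lambda: {"blocked": 0, "passed": 0})
    for line in lines:
        rec = parse(line)
        # Skip unparsable lines, empty requests ("-") and expected methods.
        if rec is None or not rec[1].isalpha() or rec[1] in expected:
            continue
        ip, _, status = rec
        seen[ip]["blocked" if status == 403 else "passed"] += 1
    return dict(seen)

def deny_lines(report):
    """Deny directives for IPs whose requests were not answered with 403."""
    return [f"Deny from {ip}" for ip in sorted(report) if report[ip]["passed"]]

if __name__ == "__main__":
    report = audit(SAMPLE_LOG.strip().splitlines())
    print(report)
    print("\n".join(deny_lines(report)))
```

Here "passed" means any status other than 403, so an address that is already listed in a `Deny from` line but still shows up as "passed" indicates the directive is not taking effect where it was placed.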
