Solved

hosts.deny not working

Posted on 2012-03-16
Last Modified: 2012-03-25
I stuck an IP wildcard (180.76.) into my /etc/hosts.deny file, and I rebooted, but it's not working. I'm still seeing access from that subnet in /usr/local/apache/logs/access_log

What more do I need to do?
Question by:jmarkfoley
5 Comments
 

Expert Comment

by:savone
ID: 37730981
Can you post your hosts.deny file?  

Your line should read:

ALL  : 180.76.

That will block access to all services from the 180.76.0.0 network.

Expert Comment

by:legolasthehansy
ID: 37731042
It doesn't work unless TCP wrappers is compiled in for Apache. I would suggest IPtables.

Author Comment

by:jmarkfoley
ID: 37731105
savone: yes, that is what I have. Copy/pasted right from my hosts.deny:

ALL: 180.76.

legolasthehansy: but I thought hosts.deny was for everything, not just apache? I.e., it would prevent access from that IP for all services including ftp, http, smtp, pop, etc. ALL should deny everything, right? It doesn't make sense that port 80 would forward anyway.

However, httpd is not specified in inetd, so would that be the problem with hosts.deny?

If I do use ip_tables, would the following be the correct directive?

iptables -A INPUT -s 180.76. -j DROP
iptables -A OUTPUT -d 180.76 -j DROP

hosts.deny would be simpler if that is a viable solution.

Accepted Solution

by:
legolasthehansy earned 500 total points
ID: 37731136
hosts.deny and .allow only work for programs that are tcp wrapped.
Here is how you do it on iptables though
 iptables -A INPUT -s 180.76.0.0/subnet -j DROP

I agree tcpwrappers are easy.. :)

Author Closing Comment

by:jmarkfoley
ID: 37763199
Thanks, iptables appears to have done the trick. I've also added that IP to hosts.deny
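
Added example, not part of the original thread: a shell sketch of the two points in the accepted answer, checking whether a daemon links libwrap at all and turning the hosts.deny prefix pattern into the CIDR block that iptables expects. The function names and the sample ldd output are constructed for illustration.

```shell
# Added example (not from the thread). Function names are hypothetical.

# prefix_to_cidr "180.76."  ->  180.76.0.0/16
# Takes the trailing-dot prefix form of hosts_access(5), 1 to 3 octets.
prefix_to_cidr() {
    pat=$1
    case $pat in
        *.) ;;
        *)  echo "not a prefix pattern: $pat" >&2; return 1 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- ${pat%.}          # split the octets into $1 $2 $3
    IFS=$oldifs
    [ $# -ge 1 ] && [ $# -le 3 ] || { echo "need 1-3 octets: $pat" >&2; return 1; }
    for o in "$@"; do
        case $o in
            ''|*[!0-9]*) echo "bad octet in $pat" >&2; return 1 ;;
        esac
        [ "$o" -le 255 ] || { echo "octet out of range in $pat" >&2; return 1; }
    done
    n=$#
    addr="$1${2:+.$2}${3:+.$3}"
    i=$n
    while [ "$i" -lt 4 ]; do addr="$addr.0"; i=$((i + 1)); done
    echo "$addr/$((n * 8))"
}

# Print (never execute) the DROP rule for a hosts.deny prefix pattern.
deny_rule() {
    cidr=$(prefix_to_cidr "$1") || return 1
    echo "iptables -A INPUT -s $cidr -j DROP"
}

# Reads ldd output on stdin; succeeds if the binary links libwrap.
# A statically linked wrapper library would not show up here.
has_libwrap() { grep -q 'libwrap\.so'; }

# Constructed ldd output for a web server built without TCP wrappers.
sample_ldd='	libpcre.so.3 => /lib/libpcre.so.3 (0x00007f00aa000000)
	libc.so.6 => /lib/libc.so.6 (0x00007f00a9c00000)'

if printf '%s\n' "$sample_ldd" | has_libwrap; then
    echo "daemon links libwrap: hosts.deny applies"
else
    echo "no libwrap: hosts.deny is ignored, use a packet filter"
    deny_rule "180.76."      # prints the rule, does not run it
fi
```

On a real host, feed `has_libwrap` the output of `ldd` run against the daemon's binary instead of the constructed sample.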