Solved

hosts.deny not working

Posted on 2012-03-16
5
459 Views
Last Modified: 2012-03-25
I stuck an IP wildcard (180.76.) into my /etc/hosts.deny file, and I rebooted, but it's not working. I'm still seeing access from that subnet in /usr/local/apache/logs/access_log

What more do I need to do?
0
Comment
Question by:jmarkfoley
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 23

Expert Comment

by:savone
ID: 37730981
Can you post your hosts.deny file?  

Your line should read:

ALL  : 180.76.

That will block access to all services from the 180.76.0.0 network.
0
 
LVL 11

Expert Comment

by:legolasthehansy
ID: 37731042
It doesn't work unless TCP wrappers is compiled in for Apache. I would suggest IPtables.
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 37731105
savone: yes, that is what I have. Copy/pasted right from my hosts.deny:

ALL: 180.76.

legolasthehansy: but I thought the host.deny was for everything, not just apache? I.e., it would prevent access from that IP for all services including ftp, http, smtp, pop, etc. ALL should deny everything, right? It doesn't make sense that port 80 would foward anyway.

However, httpd is not specified in inetd, so would that be the problem with hosts.deny?

If I do use ip_tables, would the following be the correct directive?

iptables -A INPUT -s 180.76. -j DROP
iptables -A OUTPUT -d 180.76 -j DROP

hosts.deny would be simpler if that is a viable solution.
0
 
LVL 11

Accepted Solution

by:
legolasthehansy earned 500 total points
ID: 37731136
hosts.deny and .allow only work for programs that are tcp wrapped.
Here is how you do it on iptables though
 iptables -A INPUT -s 180.76.0.0/subnet -j DROP

I agree tcpwrappers are easy.. :)
0
 
LVL 1

Author Closing Comment

by:jmarkfoley
ID: 37763199
Thanks, iptables appears to have done the trick. I've also added that IP to hosts.deny
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction As you’re probably aware the HTTP protocol offers basic / weak authentication, which in combination with the relevant configuration on your web server, provides the ability to password protect all or part of your host.  If you were not…
Over the last year I have answered a couple of basic URL rewriting questions several times so I thought I might as well have a stab at: explaining the basics, providing a few useful links and consolidating some of the most common queries into a sing…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question