[CentOS] Size limitations in .htaccess
Bowie Bailey
Bowie_Bailey at BUC.com
Tue Jun 11 19:29:23 UTC 2013
On 5/29/2013 10:08 PM, Max Pyziur wrote:
> On Wed, 29 May 2013, m.roth at 5-cent.us wrote:
>
>>
>> Have you considered running fail2ban, and banning them using iptables?
> I've considered that.
>
> But I'm tied to my (little?/not-so-little?) home-grown system of mining
> threatening IPs from BL sites (spam, sshd, forumspam), running them
> through an sql database, and outputting /etc/hosts.deny files to block via tcp
> wrappers, and now starting to output "Deny from" lines to place in
> .htaccess files. "Deny From" lines longer than somewhere around 8000
> characters seem to be the limit; I was curious if there was a specified
> limit somewhere, and whether or not I could put multiple Deny From lines?
>
> While fail2ban looks good, the little that I've tried it, I like keeping
> the firewall iptables neat, and doing the blocking as I have described
> above (maybe it's familiarity trumping fail2ban; maybe it's that fail2ban
> has a bit of a learning curve ...)

Fail2ban keeps all of its rules in its own chain, so any custom rules
that you have created will not get lost in the clutter.

You could also do the blocking yourself with iptables rather than having
fail2ban manage it for you. Just create iptables rules rather than the
hosts.deny format.

    iptables -I Blacklist -s xxx.xxx.xxx.xxx -j DROP

Of course, you need to add a rule in your main ruleset to call the
Blacklist chain. And make sure to save the rules from time to time so
you don't lose all of them in a reboot.

--
Bowie
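
The dedicated-chain approach from the reply above, as an added example that is not part of the original message: a shell function that turns an exported address list into an `iptables-restore` fragment for the Blacklist chain, validating every entry before it reaches a firewall rule. The function names, the sample data and the use of INPUT as the "main ruleset" hook are assumptions.

```shell
#!/bin/sh
# Added example: build an iptables-restore fragment for the Blacklist chain.

# valid_ipv4 ADDR[/PREFIX]: succeed only for a well-formed IPv4 address or CIDR.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr                      # split into octets (digits and dots only)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*|0?*) return 1 ;; esac   # too long or leading zero
        [ "$octet" -le 255 ] || return 1
    done
}

# gen_blacklist: read one entry per line on stdin, write the fragment to stdout.
# '#' comments and blank lines are dropped, duplicates collapsed, and anything
# that is not a plain address is reported on stderr instead of becoming a rule.
gen_blacklist() {
    printf '%s\n' '*filter' ':Blacklist - [0:0]'
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' |
    LC_ALL=C sort -u |
    while IFS= read -r entry; do
        if valid_ipv4 "$entry"; then
            printf '%s\n' "-A Blacklist -s $entry -j DROP"
        else
            printf 'skipped invalid entry: %s\n' "$entry" >&2
        fi
    done
    printf '%s\n' 'COMMIT'
}

# Constructed sample input (documentation-range addresses, not real offenders).
sample_list() {
    printf '%s\n' '# from blocklist export' '203.0.113.7' '198.51.100.0/24' \
        '203.0.113.7' '999.1.1.1' '10.0.0.1; reboot' '192.0.2.5/33'
}

# Usage, as root (hooking the chain into INPUT is an assumption):
#   gen_blacklist < bad_ips.txt | iptables-restore --noflush
#   iptables -I INPUT -j Blacklist     # once, to call the chain
```

With `--noflush`, the `:Blacklist` declaration empties and refills only that chain, so the rest of the ruleset is left alone and the list can be regenerated as often as the database changes.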