You could try ipset (yum install ipset) and create live lists of ips/blocks and create a single lined rule in iptables to handle the lists. The only downside is the lists are lost on a reboot, which can be overcome with a little scripting. > -----Original Message----- > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On > Behalf Of Max Pyziur > Sent: Wednesday, May 29, 2013 10:08 PM > To: CentOS mailing list > Subject: Re: [CentOS] Size limitations in .htaccess > > On Wed, 29 May 2013, m.roth at 5-cent.us wrote: > > > Max Pyziur wrote: > >> > >> Greetings, > >> > >> It seems that I've hit a size limitation when adding unwanted IPs to > >> a "Deny From" line. > >> > >> Is there any place where this is specified? > >> > >> Also, if I hit the max length on a "Deny From" line, can I add > >> another "Deny From" line? > >> > >> (Running CentOS 6, and the following version of Apache: > >> httpd-2.2.15-28.el6.centos.x86_64) > > > > Have you considered running fail2ban, and banning them using iptables? > > I've considered that. > > But I'm tied to my (little?/not-so-little?) home-grown system of mining > threatening IPs from BL sites (spam, sshd, forumspam), running them > through an sql database, and outputing /etc/hosts.deny files to block via tcp > wrappers, and now starting to output "Deny from" lines to place in .htaccess > files. "Deny From" lines longer than somewhere around 8000 characters > seem to be the limit; I was curious if there was a specified limit somewhere, > and whether or not I could put multiple Deny From lines? > > WHile fail2ban looks good, the little that I've tried it, I like keeping the firewall > iptables neat, and doing the blocking as I have described above (maybe it's > familiarity trumping fail2ban; maybe it's that fail2ban has a bit of a learning > curve ...) > > > mark > > > > Much thanks for the advice. > > Max Pyziur > pyz at brama.com > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos