[CentOS] Size limitations in .htaccess

Mon Jun 3 14:43:27 UTC 2013
Michael Krug <mkrug at agjunction.net>

You could try ipset (yum install ipset) and create live lists of IPs/blocks
and create a single-line rule in iptables to handle the lists. The only
downside is the lists are lost on a reboot, which can be overcome with a
little scripting.

> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of Max Pyziur
> Sent: Wednesday, May 29, 2013 10:08 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] Size limitations in .htaccess
> 
> On Wed, 29 May 2013, m.roth at 5-cent.us wrote:
> 
> > Max Pyziur wrote:
> >>
> >> Greetings,
> >>
> >> It seems that I've hit a size limitation when adding unwanted IPs to
> >> a "Deny From" line.
> >>
> >> Is there any place where this is specified?
> >>
> >> Also, if I hit the max length on a "Deny From" line, can I add
> >> another "Deny From" line?
> >>
> >> (Running CentOS 6, and the following version of Apache:
> >> httpd-2.2.15-28.el6.centos.x86_64)
> >
> > Have you considered running fail2ban, and banning them using iptables?
> 
> I've considered that.
> 
> But I'm tied to my (little?/not-so-little?) home-grown system of mining
> threatening IPs from BL sites (spam, sshd, forumspam), running them
> through an sql database, and outputting /etc/hosts.deny files to block via
> tcp wrappers, and now starting to output "Deny from" lines to place in
> .htaccess files. "Deny From" lines longer than somewhere around 8000
> characters seem to be the limit; I was curious if there was a specified
> limit somewhere, and whether or not I could put multiple Deny From lines?
> 
> While fail2ban looks good, the little that I've tried it, I like keeping
> the firewall iptables neat, and doing the blocking as I have described
> above (maybe it's familiarity trumping fail2ban; maybe it's that fail2ban
> has a bit of a learning curve ...)
> 
> >     mark
> >
> 
> Much thanks for the advice.
> 
> Max Pyziur
> pyz at brama.com
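
The ipset approach suggested at the top of this message, as an added example that is not code from any poster in the thread: it turns a blocklist export into an `ipset restore` file, swaps it in atomically, and keeps one iptables rule pointing at the set. The set name `blocklist`, the one-entry-per-line export format and the use of the INPUT chain are assumptions.

```bash
#!/bin/bash
SET=blocklist        # assumed set name
TMP="${SET}-tmp"     # scratch set, swapped in atomically

# Constructed sample export (documentation-range addresses, two bad entries).
sample_export() {
  printf '%s\n' '192.0.2.10' '198.51.100.0/24' '192.0.2.10' \
    '300.1.1.1' '0.0.0.0/0' '203.0.113.7  # sshd'
}

# gen_restore: read IPv4 addresses or CIDR blocks on stdin (one per line,
# '#' comments allowed) and print `ipset restore` commands on stdout.
# Invalid entries, and /0 which would match everything, go to stderr and
# are never loaded. Duplicates are emitted once.
gen_restore() {
  echo "create $SET hash:net family inet"
  echo "create $TMP hash:net family inet"
  echo "flush $TMP"
  awk -v set="$TMP" '
    { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }
    $0 == "" { next }
    {
      n = split($0, part, "/")
      ok = (n <= 2 && part[1] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
      if (ok && n == 2)
        ok = (part[2] ~ /^[0-9]+$/ && part[2] >= 1 && part[2] <= 32)
      if (ok) { split(part[1], o, "."); for (i = 1; i <= 4; i++) if (o[i] > 255) ok = 0 }
      if (!ok) { print "skipping invalid entry: " $0 > "/dev/stderr"; next }
      if (!seen[$0]++) print "add " set " " $0
    }'
  echo "swap $TMP $SET"
  echo "destroy $TMP"
}

# apply_blocklist FILE (as root): load FILE into the set and make sure a
# single INPUT rule references it. Run after each export and again at boot,
# because the in-kernel set is lost on reboot.
apply_blocklist() {
  gen_restore < "$1" | ipset -exist restore || return 1
  iptables -S INPUT | grep -q -- "--match-set $SET src" ||
    iptables -I INPUT -m set --match-set "$SET" src -j DROP
}
```

Because the new contents are built in a scratch set and swapped, the live set is never empty while a refresh is loading.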