[CentOS] Size limitations in .htaccess

Tue Jun 11 19:29:23 UTC 2013
Bowie Bailey <Bowie_Bailey at BUC.com>

On 5/29/2013 10:08 PM, Max Pyziur wrote:
> On Wed, 29 May 2013, m.roth at 5-cent.us wrote:
>> Have you considered running fail2ban, and banning them using iptables?
> I've considered that.
> But I'm tied to my (little?/not-so-little?) home-grown system of mining
> threatening IPs from BL sites (spam, sshd, forumspam), running them
> through an sql database, and outputting /etc/hosts.deny files to block via tcp
> wrappers, and now starting to output "Deny from" lines to place in
> .htaccess files. "Deny From" lines longer than somewhere around 8000
> characters seem to be the limit; I was curious if there was a specified
> limit somewhere, and whether or not I could put multiple Deny From lines?
> While fail2ban looks good, the little that I've tried it, I like keeping
> the firewall iptables neat, and doing the blocking as I have described
> above (maybe it's familiarity trumping fail2ban; maybe it's that fail2ban
> has a bit of a learning curve ...)

Fail2ban keeps all of its rules in its own chain, so any custom rules 
that you have created will not get lost in the clutter.

You could also do the blocking yourself with iptables rather than having 
fail2ban manage it for you.  Just create iptables rules rather than the 
hosts.deny format.

iptables -I Blacklist -s xxx.xxx.xxx.xxx -j DROP

Of course, you need to add a rule in your main ruleset to call the 
Blacklist chain.  And make sure to save the rules from time to time so 
you don't lose all of them in a reboot.
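As an added illustration of the approach Bowie describes (this is example code, not something posted in the thread), the following POSIX sh script turns a list of blacklisted addresses of the kind the original poster mines from his database into rules for a dedicated "Blacklist" chain. The chain name is the one used above; the sample address list is constructed from RFC 5737 documentation ranges, and the script only prints the iptables commands rather than running them. It also validates each address before emitting a rule, flushes the chain before reloading it so addresses removed from the list stop being blocked, and ends with `service iptables save` (CentOS 5/6, writes /etc/sysconfig/iptables) so the rules survive a reboot.

```shell
#!/bin/sh
# Added example, not from the thread: turn a blacklist of addresses (the
# kind of list the original poster mines into hosts.deny) into iptables
# rules for a dedicated "Blacklist" chain, the approach Bowie describes.
# The script only PRINTS the iptables commands; pipe its output to sh as
# root to apply them. Chain name "Blacklist" is the one used in the thread.

# Constructed sample input: one IPv4 address or CIDR block per line,
# '#' comments and blank lines allowed, plus one deliberately bad row.
SAMPLE_IPS='# constructed sample list (RFC 5737 documentation ranges)
192.0.2.10
198.51.100.0/24
not-an-ip
203.0.113.7
'

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /prefix.
# Validating here keeps a corrupt database row from producing a broken
# or unintended rule.
is_ipv4() {
    _addr=${1%%/*}
    _pfx=${1#*/}
    [ "$_pfx" = "$1" ] && _pfx=32           # no "/": single host address
    case "$_pfx" in ''|*[!0-9]*) return 1 ;; esac
    [ "$_pfx" -le 32 ] || return 1
    _oldifs=$IFS; IFS=.
    set -- $_addr                           # split into octets
    IFS=$_oldifs
    [ $# -eq 4 ] || return 1
    for _oct in "$@"; do
        case "$_oct" in ''|*[!0-9]*) return 1 ;; esac
        [ "$_oct" -le 255 ] || return 1
    done
    return 0
}

# Read addresses on stdin, write one "iptables -I Blacklist" line per valid
# entry to stdout; bad entries are reported on stderr and skipped.
gen_rules() {
    while IFS= read -r _line; do
        _line=${_line%%#*}                              # strip comments
        _line=$(printf '%s' "$_line" | tr -d ' \t\r')   # and whitespace
        [ -n "$_line" ] || continue
        if is_ipv4 "$_line"; then
            printf 'iptables -I Blacklist -s %s -j DROP\n' "$_line"
        else
            printf 'skipping invalid address: %s\n' "$_line" >&2
        fi
    done
}

# Emit a complete script: create the chain if missing, hook it into INPUT
# once (the "rule in your main ruleset" Bowie mentions), flush the old
# entries so removed addresses stop being blocked, add the current list,
# then save so the rules survive a reboot.
make_script() {
    cat <<'EOF'
#!/bin/sh
set -e
iptables -N Blacklist 2>/dev/null || true
iptables -L INPUT -n | grep -q '^Blacklist ' || iptables -I INPUT -j Blacklist
iptables -F Blacklist
EOF
    gen_rules
    printf 'service iptables save\n'
}

# Demonstration with the constructed list (prints the script, applies nothing).
printf '%s' "$SAMPLE_IPS" | make_script
```

To use it against a real list, feed the database export on stdin instead of the sample (`./blacklist.sh < ips.txt`), review the printed commands, and only then pipe them to `sh` as root. Because the chain is flushed and rebuilt on every run, regenerating from the database is idempotent; the validation step is what keeps a stray row from turning into an unintended rule.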