[CentOS] Size limitations in .htaccess

Thu May 30 02:08:07 UTC 2013
Max Pyziur <pyz at brama.com>

On Wed, 29 May 2013, m.roth at 5-cent.us wrote:

> Max Pyziur wrote:
>> Greetings,
>> It seems that I've hit a size limitation when adding unwanted IPs to a
>> "Deny From" line.
>> Is there any place where this is specified?
>> Also, if I hit the max length on a "Deny From" line, can I add another
>> "Deny From" line?
>> (Running CentOS 6, and the following version of Apache:
>> httpd-2.2.15-28.el6.centos.x86_64)
> Have you considered running fail2ban, and banning them using iptables?

I've considered that.

But I'm tied to my (little?/not-so-little?) home-grown system of mining 
threatening IPs from BL sites (spam, sshd, forumspam), running them 
through an SQL database, and outputting /etc/hosts.deny files to block via tcp 
wrappers, and now starting to output "Deny from" lines to place in 
.htaccess files. "Deny From" lines longer than somewhere around 8000 
characters seem to be the limit; I was curious if there was a specified 
limit somewhere, and whether or not I could put multiple Deny From lines?

While fail2ban looks good, the little that I've tried it, I like keeping 
the firewall iptables neat, and doing the blocking as I have described 
above (maybe it's familiarity trumping fail2ban; maybe it's that fail2ban 
has a bit of a learning curve ...)

>     mark

Much thanks for the advice.

Max Pyziur
pyz at brama.com
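
Added example, not part of the original message or the poster's own system: mod_authz_host in Apache 2.2 accepts any number of "Deny from" directives in one .htaccess file, so a generator can validate the mined addresses, merge adjacent ranges, and wrap its output below the roughly 8000-character point reported above. The names `deny_lines`, `MAX_LINE` and the sample addresses are constructed for illustration.

```python
import ipaddress

MAX_LINE = 8000          # assumption: the ~8000-character ceiling seen in the message
PREFIX = "Deny from"

def collapse(entries):
    """Validate entries, drop duplicates, merge adjacent or overlapping networks."""
    nets, rejected = {4: [], 6: []}, []
    for raw in entries:
        text = raw.strip()
        if not text or text.startswith("#"):
            continue
        try:
            # strict parsing: "192.0.2.10/24" is rejected rather than widened to a /24
            net = ipaddress.ip_network(text)
        except ValueError:
            rejected.append(text)   # never copy unvalidated text into .htaccess
            continue
        nets[net.version].append(net)
    merged = []
    for version in (4, 6):          # collapse_addresses cannot mix IPv4 and IPv6
        merged.extend(ipaddress.collapse_addresses(nets[version]))
    return merged, rejected

def deny_lines(entries, max_line=MAX_LINE):
    """Return (list of 'Deny from ...' lines each <= max_line, rejected entries)."""
    merged, rejected = collapse(entries)
    lines, current = [], PREFIX
    for net in merged:
        # single hosts as a bare address, ranges in CIDR form
        token = str(net.network_address) if net.num_addresses == 1 else str(net)
        if current != PREFIX and len(current) + 1 + len(token) > max_line:
            lines.append(current)   # line is full: start another directive
            current = PREFIX
        current += " " + token
    if current != PREFIX:
        lines.append(current)
    return lines, rejected

# Constructed sample input (documentation address ranges only).
SAMPLE = ["192.0.2.10", "192.0.2.11", "192.0.2.10", "198.51.100.0/25",
          "198.51.100.128/25", "not-an-ip", "2001:db8::1"]

if __name__ == "__main__":
    out, bad = deny_lines(SAMPLE)
    print("\n".join(out))
    print("# rejected:", bad)
```

Merging before wrapping shortens the output as well: the two adjacent hosts and the two /25 blocks in the sample each become a single CIDR entry.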