[CentOS] .htaccess file

Mon Aug 29 22:25:15 UTC 2016
TE Dukes <tdukes at palmettoshopper.com>

> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of Always Learning
> Sent: Monday, August 29, 2016 1:50 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] .htaccess file
> Hi,
> > My home system on a DSL line is getting worn out by bad behavior robots.
> >
> > Awhile back, I created a .htaccess file that block countries by IP
> > Its 2MB in size.
> Do you control your home server ?  If so, then .htaccess is the wrong
> solution, because you need to incorporate blockages in your IP Tables
> firewall and then use your Apache configuration file to restrict any
> unwanted visitors.
[Thomas E Dukes] 

Yes. I knew .htaccess wasn't the best method. I didn't know about ipsets. It
make this so much easier.

> .htaccess (its possible in Apache to rename it) is inefficient and
suitable as a
> second-rate solution when you are using a hosted service and lack full
> of the server. VPSs are cheap and a better alternative to hosted mail and
> web.
> On my servers (C5 and C6) in IP Tables, I have three sets of blockages:
> * permanent for all ports
> * only for web (port 80)
> * only for emails (port 25)
> In web and emails there is a permanent table plus a monthly one (one for
> every month). Perpetual pests go in the permanent tables and irritants in
> monthly table - otherwise the banned IPs entries would get too large.
> A compromised computer trying to send me junk mail or trying to wrongly
> access a web page or attempting to break-in to SQL (instantly identified
> IP instantly blocked because I impose string size limits for the
?key=....) has
> its IP added to the monthly list and remains there until one month after
> last access from that IP address.
> I am unwilling to be a passive victim of junk mail and web hackers.
[Thomas E Dukes] 
Same here!!

> All home-made solutions but effective and robust. Centos made all this
> possible (sincere thanks to the C-Team; they are all 'A*' rated).
[Thomas E Dukes]