Nginx
Igor Petrov, 2015-10-25 23:07:26

How to block user-agent via iptables in Debian 7 OS?

Actually, how do I block a user-agent through iptables?
There is a WordPress attack by bots, and they are clogging the logs... I tried to write this:
iptables -I INPUT -p tcp -m string --algo kmp --string "WordPress" -j DROP
Nothing helps, it does not block...


3 answer(s)
Rsa97, 2015-10-25
@Rsa97

fail2ban

Mark Doe, 2015-10-25
@mourr

The solution with string is very dubious. Try writing them to a separate log, something like this:

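# Apache config
RewriteEngine On
# Match the bots' User-Agent and flag the request with the WordPress env variable
RewriteCond %{HTTP_USER_AGENT} ^WordPress/4\.0
RewriteRule ^ - [L,R=403,E=WordPress]
# Tab-separated format: time, client IP, client port, User-Agent
LogFormat "%t\t%a\t%{remote}p\t%{User-Agent}i" wordpress
# Log only the flagged requests to a separate file
CustomLog wordpress.log wordpress env=WordPress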

Then, once an hour, let's say, get all the IPs from this log and ban them in batches by IP with a simple script.
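
The hourly batch ban described in the answer above could look like the following. This is an added example, not part of the original answer; the set name wp_bots, the 24-hour timeout and the sample log lines are assumptions.

```shell
#!/bin/sh
# Added example: build `ipset restore` input from the tab-separated wordpress.log.
# Assumptions: set name wp_bots, 24 h ban timeout, IPv4 clients only.
SET_NAME="wp_bots"
BAN_SECONDS=86400

# Reads log lines on stdin (fields: time, client IP, port, User-Agent) and
# prints a create line plus one add line per unique, well-formed IPv4 address.
build_ban_list() {
    awk -F '\t' -v set="$SET_NAME" -v ttl="$BAN_SECONDS" '
        # Strict dotted-quad check so nothing unexpected from the log reaches ipset
        function valid_ipv4(ip,    n, parts, i) {
            n = split(ip, parts, ".")
            if (n != 4) return 0
            for (i = 1; i <= 4; i++)
                if (parts[i] !~ /^[0-9]+$/ || length(parts[i]) > 3 || parts[i] + 0 > 255)
                    return 0
            return 1
        }
        BEGIN { print "create " set " hash:ip timeout " ttl }
        NF >= 4 && valid_ipv4($2) && !seen[$2]++ { print "add " set " " $2 }
    '
}

# Constructed sample log lines (documentation address ranges), not real traffic
sample_log() {
    printf '[25/Oct/2015:23:00:01 +0000]\t203.0.113.7\t51234\tWordPress/4.0; http://a.example\n'
    printf '[25/Oct/2015:23:00:02 +0000]\t203.0.113.7\t51240\tWordPress/4.0; http://a.example\n'
    printf '[25/Oct/2015:23:00:03 +0000]\t198.51.100.23\t40022\tWordPress/4.0; http://b.example\n'
    printf '[25/Oct/2015:23:00:04 +0000]\t999.1.1.1\t40022\tWordPress/4.0\n'
    printf 'garbage line without tabs\n'
}

# Demo: print the restore input for the sample. On a real host, run as root:
#   build_ban_list < wordpress.log | ipset -exist restore
#   iptables -I INPUT -m set --match-set wp_bots src -j DROP   # once
sample_log | build_ban_list
```

A single set-match rule in INPUT keeps the iptables ruleset constant in size no matter how many addresses are banned, and the timeout lets entries expire on their own.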

Max, 2015-10-25
@MaxDukov

--algo bm?
