Nginx
donater47, 2018-03-02 12:13:32

How to block a user agent?

The site is being DDoSed with the following requests:

127.0.0.1 - - [27/Feb/2018:00:16:23 +0300] "POST /payment.php HTTP/1.0" 302 0 "-" "-"

127.0.0.1 - - [27/Feb/2018:00:16:24 +0300] "GET // HTTP/1.0" 200 33183 "https://XXXX.ru/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36"

How to disable them at the iptables level?


4 answer(s)
Boris Syomov, 2018-03-02
@kotomyava

Parsing the user agent at the iptables level is not a good idea - every packet will be checked there and it will be very expensive in terms of resources. Also, it won't work for https.
User agent blocking can be done at the web server level.
Or log the attempts with the web server and block them via iptables by address, for example using fail2ban.

Vladimir Skibin, 2018-03-02
@megafax

Solve this problem at the nginx level through limit_req and not through the User-Agent. If you have an external payment service connected, then when filtering by UA its requests will not get through, since third-party services do not bother setting a UA when reporting the payment status.

Dmitry Dart, 2018-03-02
@gobananas

If there is an Apache web server, then you can block it through htaccess:

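# Mark requests whose User-Agent matches (case-insensitively) as bad_bot
SetEnvIfNoCase User-Agent "Slurp" bad_bot
SetEnvIfNoCase User-Agent "Baiduspider" bad_bot
SetEnvIfNoCase User-Agent "^DuckDuckBot" bad_bot
SetEnvIfNoCase User-Agent "^Sogou" bad_bot

# Apache 2.2 access-control syntax (mod_access_compat on 2.4)
Order Allow,Deny
Allow from all
Deny from env=bad_bot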

Stanislav Bodrov, 2018-03-02
@jenki

Use grep to select the addresses with the UA of interest and put them into iptables with DROP.
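
Added example (not code from any of the answers): the select-addresses-by-UA-and-DROP approach above, written in Python over combined-format log lines, with a hit threshold so that a single UA-less request, such as the payment callbacks mentioned in an earlier answer, is not blocked. The sample lines, the 203.0.113.x and 198.51.100.x addresses, the threshold and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# nginx "combined" format: addr - user [time] "request" status bytes "referer" "ua"
COMBINED = re.compile(
    r'^(?P<addr>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def offenders(lines, ua_match, min_hits=3):
    """Addresses with at least min_hits requests whose UA satisfies ua_match."""
    hits = Counter()
    for line in lines:
        m = COMBINED.match(line)
        if not m or not ua_match(m["ua"]):
            continue
        try:
            addr = ipaddress.ip_address(m["addr"])
        except ValueError:
            continue  # first field is not an IP address
        # If the 127.0.0.1 in the question's lines is real and not masked, it is a
        # local proxy, not the client: the true address was never logged.
        if addr.is_loopback:
            continue
        hits[addr] += 1
    return sorted((a for a, n in hits.items() if n >= min_hits), key=str)

def drop_rules(addresses):
    """One DROP rule per address; IPv6 addresses need ip6tables."""
    return [
        f"{'ip6tables' if a.version == 6 else 'iptables'} -I INPUT -s {a} -j DROP"
        for a in addresses
    ]

def sample_line(addr, ua):
    # Constructed log line in the shape of the requests shown in the question.
    return (f'{addr} - - [27/Feb/2018:00:16:23 +0300] '
            f'"POST /payment.php HTTP/1.0" 302 0 "-" "{ua}"')

SAMPLE = (
    [sample_line("203.0.113.5", "-")] * 4             # flood source, empty UA
    + [sample_line("198.51.100.7", "-")]              # one UA-less hit (callback)
    + [sample_line("127.0.0.1", "-")] * 5             # loopback, as in the question
    + [sample_line("203.0.113.9", "Mozilla/5.0")] * 4 # has a UA, not matched
)

if __name__ == "__main__":
    for rule in drop_rules(offenders(SAMPLE, lambda ua: ua == "-")):
        print(rule)
```

nginx writes an empty User-Agent as "-", which is why the predicate compares against that string.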
