i don't see it in package ports… On Fri, Mar 13, 2015 at 7:59 PM, Jim Albert <[email protected]> wrote:
> On 3/13/2015 7:54 PM, el kalin wrote: > >> >> >> On Fri, Mar 13, 2015 at 7:36 PM, Jim Albert <[email protected] >> <mailto:[email protected]>> wrote: >> >> On 3/13/2015 7:17 PM, el kalin wrote: >> >> >> if i have this in the >> >> <Directory "/server/doc/root"> >> >> Order allow,deny >> Allow from all >> deny from 111.10.250.188 >> </Directory> >> ESTABLISHED >> tcp 0 0 ip-10-102-190-93.http 111.10.250.188.inovapo >> ESTABLISHED >> >> >> this is growing with every netstat i do. any ideas??? >> >> thanks… >> >> >> I believe your Order allow, deny is correct. >> >> >> i believe so too... >> >> You are controlling what can be served by Apache, but not the actual >> network connection to your Apache server, hence the continued >> entries in your connection table. I would assume your Apache error >> log is spewing lots of access denied or such errors indicating your >> deny is working. >> >> >> If you really want to keep a given an IP address completely out of >> Apache, block it in iptables or better yet the firewall behind which >> your Apache server sits, but iptables will do it. >> >> >> i'm aware. the problem is that this is an netbsd ec2 (amazon instance) >> and the only "firewall" right now is the security groups that service >> offers. those are not meant to block individual ips. they are rather all >> exclusive. so my only other option was pf. which i'm used to but it >> appears that the whole dynamic kernel module loading is screwed up >> because of the kernel build to fit xen… and so on… >> > > iptables? > > > -- > Jim Albert > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
