Re: [users@httpd] Apache rewritemap condition that will CDIR-ipmatch against returned value from the map?

Wed, 01 Jul 2020 10:43:09 -0700 

Depends on not ’smarter thinking’ but 'out of the box' thinking… I can block a 
few hundred thousand IP’s with just THREE characters ! Not boasting but I have 
half of China and Russia blocked if not 3/4 with less than 30 characters… So I 
suggest (with the aid of the 'GREP' command) to ascertain which countries you 
won’t deal with and block whole IP blocks or domain suffixes…. ONE possible 
solution and a LOT less work :) Anyone blocked can ALWAYS email me if they are 
a genuine customer and ask WHY they are blocked if they feel it’s a wrong 
decision, 99.99% don’t because MOST bad IP requests are automated, so no loss 
there….

Angel
Scotland.

> On 1 Jul 2020, at 15:33, Wendell Hatcher <wendellhatcher1...@gmail.com> wrote:
> 
> Hello, I have a ipfileblocklist text file that has over 10,000 ip addresses 
> that need to be matched against. We managed to do a RewriteCond expr  " 
> (%{HTTP:x-etsc-client-ip} -ipmatch 'X.X.X.X' )” on the cdir ipmatch that 
> comes back from the F5 but there are too many single rewrite cond exprs that 
> are being called and it caused apache to slow down or lock  due to each 
> singular condition call within the file.
> 
> 
> 
> Over 60000 plus single condition calls in our separate ipblocking file. This 
> causes a huge load on the apache server and locks the system.
> 
>     RewriteCond expr  " (%{HTTP:x-etsc-client-ip} -ipmatch 'X.X.X.X' )”
> 
>      RewriteCond expr  " (%{HTTP:x-etsc-client-ip} -ipmatch 'X.X.X.X' )”
> 
>     RewriteCond expr  " (%{HTTP:x-etsc-client-ip} -ipmatch 'X.X.X.X' )”
> 
> 
> 
> 
> 
> We want to load the ips into a rewritemap text or db and call them but the 
> mapping condition on the CDIR seems to be off somewhat and doesn't work.
> 
> Also, as the file grows do you have any recommendations on iobuffering or 
> slow down loading the data into a map?
> 
> 
> 
> Our file has a list of ips like to so. The condition will check each 
> beginning and end with b$
> 
> 142.255.85.0/17 <http://142.255.85.0/17>   b
> 
> 65.144.129.15/1 <http://65.144.129.15/1>   b
> 
> 
> RewriteMap ipblocklist “txt:/path/to/ipblocklist.txt”
> 
>   RewriteCond "${ipblocklist:% ({HTTP:x-etsc-client-ip} -ipmatch  ^b$)”   [NC]
> 
>   RewriteCond ${ipblocklist:%{HTTP:x-etsc-client-ip} -ipmatch}}  ^b$          
>   [NC]
> 
> RewriteRule ^/[^/]+/Main/ad/ - [F,L]
>

Attachment: signature.asc
Description: Message signed with OpenPGP

Reply via email to