Block IP Addresses

JasMax

• May 08, 2014 13:39

How to block incoming traffic for a domain on server ? for all services. Other domains should not affect.

• 

  cPanelMichael

  • May 08, 2014 19:17

  Hello :) Do you control the DNS for this domain name? If so, simply change it's name servers so that it does not resolve to your server. Thank you.

  0
• 

  JasMax

  • May 09, 2014 19:31

  Hello Michael, Thank you, I have done the same thing, but I am facing problem with few bots like gate.php, cfg.bin. I have created mod-security rule also deleted files, but traffic is still coming to a domain, also tried to delete the apache entry for the domain, but then traffic comes to server (hostname) Looking forward to block traffic for problem files or domain.

  0
• 

  quizknows

  • May 09, 2014 23:26

  What ModSecurity rule(s) are you using? You can block an entire domain with this rule: SecRule SERVER_NAME "site-to-block.com" "deny,phase:1,nolog,id:2333897,status:406"
  Try it without 'nolog' first, and if that works, add 'nolog' to save the resources from logging all the blocks. Also set this in the sites main .htaccess to minimize response size: errordocument 406 default
  

  0
• 

  JasMax

  • May 10, 2014 01:35

  Dear quizknows, Thank you for answer, I am using same rule for domain and for files using code below. SecRule REQUEST_FILENAME "^/gate\.php$" "phase:2,deny,status:402,id:10124480,log,msg:'Bad File'" Still domain is using server bandwidth in 24 hours it has used 5 GB bandwidth.

  0
• 

  quizknows

  • May 10, 2014 02:29

  Are you only trying to block the bad file(s)? Or do you want to completely block traffic to the domain? I also do like Michael's recommendation of changing the site's DNS record. If you don't need the site, set their DNS A record to something like 127.0.0.1 and the bots will send their traffic to themselves instead of your server.

  0

Please sign in to leave a comment.