Results 1 to 5 of 5
Thread: How to block traffic
-
02-10-2006, 04:33 PM #1Junior Guru Wannabe
- Join Date
- Apr 2004
- Posts
- 39
How to block traffic
If I want to block traffic from a particular IP - it seems there is 3 ways to do it
1) .htaccess
2) hosts.deny
3) Kernel level firewall rules.
What are the advantages disadvantages to each method - which one should one chose?
-
02-10-2006, 04:36 PM #2Aspiring Evangelist
- Join Date
- Jan 2006
- Location
- London, UK.
- Posts
- 377
.htaccess
- simple
- echo deny all (for emergencies)
- the one I tend to use.
hosts.deny
- need ssh in any case (right?)
- have to edit a single file, cant be broken down
kernel level
- way too much effort
- needs ssh
- pretty extreme. I'd ask the transit provider instead.
-
02-10-2006, 05:50 PM #3Web Hosting Guru
- Join Date
- Mar 2004
- Posts
- 297
In theory..
.htaccess
-After growth of large block lists, more cpu is used than with IPTables(3)
I prefer IPTables, very flexible for ip rules, as you get port types, states etc..
Plus it is killed sooner, so it has the advantage of less overhead, cpu resources/memory etc..
Thou if you need specific Layer 7 filtering as in the html/php/asp/cgi page requested, then htaccess is the choice.
-
02-10-2006, 06:18 PM #4Eternal Member
- Join Date
- Dec 2004
- Location
- New York, NY
- Posts
- 10,710
kernel level
- way too much effortMediaLayer, LLC - www.medialayer.com Learn how we can make your website load faster, translating to better conversion rates for your business!
The pioneers of optimized web hosting, featuring LiteSpeed Web Server & SSD Storage - Celebrating 10 Years in Business
-
02-10-2006, 06:21 PM #5Web Hosting Guru
- Join Date
- Mar 2004
- Posts
- 297
btw, hosts.deny (likely apf or such) if thats what you mean is actually deny_hosts.rules
And as stated above, simply injects into IPTables.
If thats what you mean, 2 and 3 are the same.