Results 1 to 5 of 5
  1. #1

    How to block traffic

    If I want to block traffic from a particular IP - it seems there is 3 ways to do it

    1) .htaccess

    2) hosts.deny

    3) Kernel level firewall rules.

    What are the advantages disadvantages to each method - which one should one chose?

  2. #2
    Join Date
    Jan 2006
    Location
    London, UK.
    Posts
    377
    .htaccess
    - simple
    - echo deny all (for emergencies)
    - the one I tend to use.

    hosts.deny
    - need ssh in any case (right?)
    - have to edit a single file, cant be broken down

    kernel level
    - way too much effort
    - needs ssh
    - pretty extreme. I'd ask the transit provider instead.

  3. #3
    Join Date
    Mar 2004
    Posts
    297
    In theory..

    .htaccess
    -After growth of large block lists, more cpu is used than with IPTables(3)

    I prefer IPTables, very flexible for ip rules, as you get port types, states etc..
    Plus it is killed sooner, so it has the advantage of less overhead, cpu resources/memory etc..

    Thou if you need specific Layer 7 filtering as in the html/php/asp/cgi page requested, then htaccess is the choice.

  4. #4
    Join Date
    Dec 2004
    Location
    New York, NY
    Posts
    10,710
    kernel level
    - way too much effort
    Well, not really - programs like APF make your l ife much easier
    MediaLayer, LLC - www.medialayer.com Learn how we can make your website load faster, translating to better conversion rates for your business!
    The pioneers of optimized web hosting, featuring LiteSpeed Web Server & SSD Storage - Celebrating 10 Years in Business

  5. #5
    Join Date
    Mar 2004
    Posts
    297
    btw, hosts.deny (likely apf or such) if thats what you mean is actually deny_hosts.rules

    And as stated above, simply injects into IPTables.

    If thats what you mean, 2 and 3 are the same.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •