I never empty it. The chances of a regular visitor wanting to access one of our sites with the same IP previously used by an attack bot of some sort have to be one in millions, if not more. Most of the IPs in the deny list are typically from China, etc.
Assuming you're making effective use of tempbans (rather than denying outright for possible mistakes such as htaccess incorrect pass) then you probably don't need to empty it.
But if there are hundreds of records, will it not decrease the performance? Thanks.
Yes, it will decrease the performance if the list is very, very long. There is no harm in removing IPs which were blocked a few months ago. If any of those IPs try to brute force in again, the firewall will block them again.
The more rules, the more the server has to process. Where you really start to get into trouble is when you hit many thousands of rules; culling the list earlier rather than later generally won't hurt. Most IPs that attack a site end up getting disabled/cleaned up after a while and are not always a threat. If you are paranoid, blocking a few of the more troublesome countries will help a LOT with attempted exploits.
John W, CISSP, C|EH
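The two replies above both come down to the same housekeeping task: keep the deny list short by dropping entries that are older than a few months, while leaving anything recent or hand-added alone. The script below is an added example written for this thread, not code from any of the posters or from a particular firewall product. It assumes a deny-list format of one `IP # comment - YYYY-MM-DD` entry per line (the date being when the block was added), and the sample entries, dates and IPs are constructed; adapt the regex if your firewall writes its deny file differently.

```python
import re
from datetime import date, timedelta

# Constructed sample deny list (not taken from the thread). Assumed format:
#   <ip> # <reason> - <YYYY-MM-DD>
# Lines starting with '#' are comments and are always kept.
SAMPLE_DENY = """\
203.0.113.10 # lfd: 5 ssh failures - 2024-01-03
198.51.100.7 # lfd: ftp brute force - 2024-05-20
192.0.2.44 # manual block - 2024-05-28
# a comment line that is not an entry
"""

# Matches an ISO date at the end of the comment part of an entry.
DATE_RE = re.compile(r"(\d{4}-\d{2}-\d{2})\s*$")


def parse_entries(text):
    """Return a list of (ip, blocked_on) tuples for dated entries only."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        ip, _, comment = line.partition("#")
        m = DATE_RE.search(comment)
        if m:
            entries.append((ip.strip(), date.fromisoformat(m.group(1))))
    return entries


def prune(text, today, max_age_days=90):
    """Split the deny list into (kept_lines, expired_lines).

    An entry expires when its date is older than max_age_days. Entries
    without a parseable date (e.g. manual blocks without a timestamp) are
    kept, since nothing says they are safe to drop.
    """
    cutoff = today - timedelta(days=max_age_days)
    kept, expired = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            kept.append(raw)
            continue
        _, _, comment = line.partition("#")
        m = DATE_RE.search(comment)
        if m and date.fromisoformat(m.group(1)) < cutoff:
            expired.append(raw)
        else:
            kept.append(raw)
    return kept, expired


if __name__ == "__main__":
    kept, expired = prune(SAMPLE_DENY, today=date(2024, 6, 1))
    print("rules before: %d, after: %d" % (len(parse_entries(SAMPLE_DENY)),
                                           len(parse_entries("\n".join(kept)))))
    for line in expired:
        print("expired:", line)
```

Run it against a copy of the live deny file first and review the `expired` list before writing `kept` back, then reload the firewall so the rule count actually drops; a tempban-based setup should leave this file short enough that the pruning rarely finds much.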