Getting a lot of traffic [likely bots] that are hitting my site via an IP address instead of a domain.
For example, a user would access my site at https://www.example.com/login but I'm getting traffic using the IP instead: https://123.45.678.910/login
I would like to block access to anything using the IP instead of the domain. Can this be done via the .htaccess file?
I can do it via PHP, but by then, it's already wasting resources. Is there another / common / best-practice way to handle this?
When googling for the solution, I get a LOT of information about how to block or allow specific IP address(es) or range of IPs, but that's not what I'm looking for.
Related
I would like to ask, can anyone here advise on how to have a specific web address enabled to display only at a specific IP address that I choose?
I've only got HTML basics, and nowhere have I found a way to get this or are there any storage sites that support this?
I want it for storing a script I don't want to have publicly and I need it fixed to an IP address.
javascript:$.getScript('secret url);void(0);
Thank you
You will need to blacklist all other IPs and whitelist the IPs you want it to have access to.
Shared Hostings will have their own GUI for doing this but if you're hosting your app using a VPS (Virtual Private Server).
The most common approaches are:
Option #1: Through Web Server (Nginx, Apache, etc...)
Nginx
https://docs.nginx.com/nginx/admin-guide/security-controls/controlling-access-proxied-tcp/#restricting-access-by-ip-address
Apache
https://httpd.apache.org/docs/2.4/howto/access.html
Option #2: Through Backend Server (PHP, Ruby, etc...)
PHP IP Address Whitelist with Wildcards
Note:
You will need to have your HTML page rendered using one of these
approaches to make it work.
The flow would look like this:
User visits the page -> Web Server Checks If the IP is allowed ->
Backend Server Checks if the IP is allowed (optional) -> Serve the
HTML.
Somebody tried to get access to my TYPO3 backend. I already have the IP adress of the attacker and want to block it from the backend.
I already tried to block ip with .htaccess but this doensn't work. I think the rules are overwritten by something else in the .htaccess file which I couldn't figure out yet.
Captcha is at the moment not a suitable solution.
Are there any good extensions for blocking IP adresses or is there another way to avoid these brute-force attacks?
If you are really concerned about somebody to be able to successfully get access to the system I suggest to go the "white list" path instead of blacklisting single IPs.
TYPO3 has a built in feature to block backand access for ALL IPs except some white listed ones.
To do this just add the following into AdditionalConfiguration.php putting your own IP and the IPs (or subnets) of other users too.
$GLOBALS["TYPO3_CONF_VARS"]['BE']['IPmaskList'] = 'x.x.x.x,y.y.y.*,z.z.*.*';
Other than that, just make sure you take the basic steps to make your backend more secure:
1) Force SSL for the backend:
$GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSL'] = 2;
2) Implement a secure password policy for the backend users by using e.g. EXT:be_secure_pw
3) Secure session cookies to have ssl_only and http_only attributes:
$GLOBALS['TYPO3_CONF_VARS']['SYS']['cookieHttpOnly']=1;
$GLOBALS['TYPO3_CONF_VARS']['SYS']['cookieSecure']=1;
4) And last but not least: make sure you are using the most recent version of your TYPO3 version line, ideally a maintained LTS version.
You should block requests before PHP/MySql is in use in the best case. So .htaccess is the correct way in my eyes. If it does not work, you should ask your hoster.
It sounds like you want to block the IP of the attacker and put measures in place to block known bad ip's. One of the main issues with blocking the IP of the attacker is that it's fairly easy for an attacker to setup a new IP address and launch a new attack.
There are services that provide lists of known bad ip's if you wanted to implement your own firewall.
Alternatively you can look to place your URL behind a solution such as Cloudflare that have the ability to block IP's or countries. I know of business's that block traffic from China and Russia since they identified that most of their attacks came from these countries.
I am familiar with denying access based on an IP, block of IPs, browser, URL etc... but my problem here is, let me state, how to deny access if it came from some IP address, at least 3 times a second for long period of time. Here, you don't know the IP address unless you look at the access file. By the time you found out the IP address it's already drawn too much of the bandwidth.
You can't use htaccess for doing this. The out-of-box apache directives can't handle browsing sessions. You'll need to install some sort of log parser, maybe something like fail2ban? Or you can probably cook up a set of iptables rules for blocking lots of connections from one IP: https://askubuntu.com/questions/437059/linux-command-to-prevent-dos-attack-by-using-netstat-and-iptables
Is it possible to block all requests that use the IP address rather than the domain name for a site on IIS? For example, i'd like to block https://104.100.100.2 but not https://somesite.com (which resides at the dummy ip of 104.100.100.2). I've tried using URLScan 3, but was unable to build a working rule. Thanks!
http://technet.microsoft.com/en-us/library/cc753195%28WS.10%29.aspx
Have a look here and bind to the publicly accessible domain name - should do the trick (IIS won't respond to requests that haven't accessed using the https://somesite.com)
Not sure how else to do it...
Dave
Suppose I have two domain names (domainA, domainB). I set the CNAME record of domainA to domainB, so whenever a user resolves domainA, he will be redirected to resolving domainB instead. My question is if it is possible to restrict accessing domainB directly. So no one can resolve domainB unless it has first resolved domainA.
The DNS system is designed to be an open system that allows anyone to resolve addresses. In its native form it is not possible to do what you are looking for.
Even though the most common (perhaps only) software used for DNS servers on the internet is open source ISC Bind - And you could potentially use that to write your own DNS server to attempt to create that functionality I am reasonably sure that because DNS works as a referral network (i.e. other DNS servers make requests against your DNS servers on behalf of clients) it would be difficult to lock DNS down to a single source.
Simply DNS isn't designed to provide any form of security. Your request is akin to asking 'could I make a phone book that only allowed people to read my name if they read my neighbours first'
The only method you could use is to allow users to make a request to example.com and from their redirect their request to example.org. That way you are operating at a level higher than IP Name resolution and you start getting more control over what happens.