Introduction
How do you Block large number of IP address from your web application/server. Obviously that can easily be done in PHP or any programming language
$ipList = []; // array list or from database
if (in_array(getIP(), $ipList)) {
// Log IP & Access information
header("https://www.google.com.ng/search?q=fool"); // redirect
exit(); // exit
}
Or Using htaccess
order allow,deny
deny from 123.45.6.7
deny from 012.34.5.
# .... the list continues
allow from all
The issues
- Am trying to block a whole
100k plus individual IPsnotsubnets - Am trying to avoid user getting to PHP before blocking such IP
- 100000+ is over 1.5MB and that is a lot if information to be loading in
htaccessall the time - Database of IP still growing ... and they would be nee to dynamically add more values
- To set bans in
iptablesfor 100000+ is just ridiculous (Might Be wrong)
Stupid Idea
order allow,deny
deny from database <-------- Not sure if this is possible
allow from all
Question
- Is it possible for
htaccessto get the list from database (Redis,Crunchbase,Mongo, MySQL or even Sqlite) ... any - Is there a visible solution to manage such kind of issue in production
- I know the best solution is
Block the IPs at the firewall levelis there any way to pragmatically add/remove IP to the firewall
Finally
My approach might be totally wrong ... all I want is a visible solution since spammers and botnets are on the rise ...
Please this has nothing to do with DOS attack its a simple ... get lost response
Update
- Firewall : Cisco PIX 515UR
