Introduction
How do you block a large number of IP addresses
from your web application/server? Obviously that can easily be done in PHP
or any programming language:
<?php
$ipList = []; // array list or from database
// getIP() is the poster's own helper returning the client address
if (in_array(getIP(), $ipList, true)) {
    // Log IP & Access information
    header("Location: https://www.google.com.ng/search?q=fool"); // redirect
    exit(); // exit
}
Or using htaccess:
order allow,deny
deny from 123.45.6.7
deny from 012.34.5.
# .... the list continues
allow from all
The issues
- I am trying to block a whole 100k plus individual IPs, not subnets
- I am trying to avoid the user getting to PHP before blocking such an IP
- 100000+ is over 1.5MB, and that is a lot of information to be loading in htaccess all the time
- The database of IPs is still growing ... and there would be a need to dynamically add more values
- To set bans in iptables for 100000+ is just ridiculous (Might be wrong)
Stupid Idea
order allow,deny
deny from database <-------- Not sure if this is possible
allow from all
Question
- Is it possible for htaccess to get the list from a database (Redis, Crunchbase, Mongo, MySQL or even SQLite) ... any?
- Is there a viable solution to manage this kind of issue in production?
- I know the best solution is to block the IPs at the firewall level; is there any way to programmatically add/remove IPs to the firewall?
Finally
My approach might be totally wrong ... all I want is a viable solution since spammers and botnets are on the rise ...
Please, this has nothing to do with a DOS attack; it's a simple ... get lost response.
Update
- Firewall : Cisco PIX 515UR
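As an added example that is not part of the original post: one way to keep a 100k-entry block list out of PHP and out of htaccess is a single iptables rule that consults an ipset, which is a hash lookup rather than one rule per address. This assumes a Linux host with the ipset and iptables tools in front of the web server (not the Cisco PIX named in the update); the set name, the export file path and the database dump step are placeholders.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumes Linux with the
# ipset and iptables packages installed; names and paths are placeholders.
SET_NAME="blocklist"   # placeholder set name
MAX_ELEM=200000        # room for the 100k+ addresses described in the post

# Read one IPv4 address per line on stdin (e.g. a dump from the database)
# and print an `ipset restore` script that rebuilds the list in a scratch
# set and then swaps it in atomically, so the live set is never half-loaded.
build_restore_script() {
  set="$1"
  printf 'create %s_new hash:ip family inet maxelem %s\n' "$set" "$MAX_ELEM"
  printf 'flush %s_new\n' "$set"
  # keep only plausible dotted-quad lines and drop duplicates
  grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | sort -u | while read -r ip; do
    printf 'add %s_new %s\n' "$set" "$ip"
  done
  printf 'swap %s_new %s\n' "$set" "$set"
  printf 'destroy %s_new\n' "$set"
}

# Create the live set once and attach a single DROP rule to it.
ensure_set_and_rule() {
  ipset -exist create "$SET_NAME" hash:ip family inet maxelem "$MAX_ELEM"
  iptables -C INPUT -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null \
    || iptables -I INPUT -m set --match-set "$SET_NAME" src -j DROP
}

# Reload the whole list from the database export; `-exist` tolerates a
# leftover scratch set from an interrupted earlier run.
reload_from_db() {
  # placeholder path: replace with your own export (e.g. a mysql -N -e query)
  build_restore_script "$SET_NAME" < /var/lib/blocklist/ips.txt \
    | ipset -exist restore
}

# Individual adds/removes for new bans without a full reload.
ban_ip()   { ipset -exist add "$SET_NAME" "$1"; }
unban_ip() { ipset -exist del "$SET_NAME" "$1"; }

case "${1:-}" in
  reload) ensure_set_and_rule && reload_from_db ;;
  ban)    ensure_set_and_rule && ban_ip "$2" ;;
  unban)  unban_ip "$2" ;;
esac
```

Run it as `sh blocklist.sh reload` from cron after the database changes, or `sh blocklist.sh ban 203.0.113.9` for a single new entry (constructed address).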