Tutorial: How do I block a LAMP server from any communication with the outside except a whitelist!



Question:

Hi, I want to block my server from any contact with a blacklist of IPs, and I would also like to block any domain names if possible, and have it only send HTTP headers back and forth between IP addresses!

I would like to pretty much block any data leaks to the outside except serving the users that have a valid PHP session! I'm using a lot of code I download just to learn, and I don't know where the people who post these have got them from or what kinda backdoors they have put in there, so I would like to make sure I'm not gonna get in trouble for using anything I wasn't supposed to because of license and copyright issues!


Solution:1

To block certain IP addresses (or hostnames) from accessing your website, you could use Apache's Allow and Deny directives, something like what sukru said. But it's often considered more secure to completely block any communication (not just website access) between the selected IPs and your server - after all, if you have reason enough to keep them from accessing your website, you probably don't want them accessing other stuff on your server either. To enforce that kind of access, you'll have to use IPtables. There are many IPtables references online; I happen to have written one which might be of some use to you. The relevant commands would be

    iptables -I INPUT --source xxx.xxx.xxx.xxx -j DROP
    iptables -I OUTPUT --destination xxx.xxx.xxx.xxx -j DROP

where xxx.xxx.xxx.xxx is the IP address you want to block. Run both these commands for each such address.
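
Running the pair of commands from Solution 1 for every address in a list, as an added example that is not part of the original answer: it validates each entry as an IPv4 address before emitting the two rules, and it only prints them so they can be reviewed before being applied. The function names `is_ipv4` and `block_rules` and the sample addresses (documentation ranges) are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example (not from the original answer): print the INPUT/OUTPUT DROP
# pair for each address in a blocklist. Nothing is applied; review the output,
# then pipe it to `sh` as root.

# is_ipv4 ADDR: succeed only for a dotted quad, octets 0..255, no leading zeros.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1          # split on dots; safe, only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# block_rules: read one address per line from stdin; blank lines and
# "#" comments are skipped. Returns 1 if any entry was rejected.
block_rules() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        addr=$(printf '%s\n' "$line" |
            sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -n "$addr" ] || continue
        if is_ipv4 "$addr"; then
            printf 'iptables -I INPUT --source %s -j DROP\n' "$addr"
            printf 'iptables -I OUTPUT --destination %s -j DROP\n' "$addr"
        else
            printf 'rejected blocklist entry: %s\n' "$addr" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample blocklist (RFC 5737 documentation addresses).
block_rules <<'EOF' || echo 'some entries were rejected' >&2
# known-bad hosts
192.0.2.10
203.0.113.7   # scanner
198.51.100.300
EOF
```

Rejecting anything that is not a plain dotted quad keeps a malformed or hostile blocklist line from turning into extra shell text when the printed rules are later piped to `sh`.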


Solution:2

You need to update httpd.conf (or .htaccess if sufficient options are enabled)

<Location /url>
    Order allow,deny
    Allow from all
    Deny from host1
    Deny from host2
    # partial domain name: matches any host whose name ends in .domain
    Deny from .domain
    # ...etc
</Location>

From documentation: link

Allow,Deny: First, all Allow directives are evaluated; at least one must match, or the request is rejected. Next, all Deny directives are evaluated. If any matches, the request is rejected. Last, any requests which do not match an Allow or a Deny directive are denied by default.

