Using the "blacklist" rule
The "blacklist" rule is used to deny all access from a particular IP address. This rule is typically used in response to hostile probing activity.
The blacklist action will add an entry into the site's .htaccess file like so:
    # Added by Guardian 2002-08-08 (url-substring:/secret/)
    deny from 10.11.12.13
where "10.11.12.13" is the IP address of a visitor who tried to access the "/secret/" area. After this action has been triggered, all subsequent requests from that IP address will be returned as "403 Forbidden".
You should not allow too many "deny" directives to add up in the .htaccess file. Ideally you would clear out the automated "deny" directives every day or two (leaving permanent deny directives for those IP addresses which cause trouble day after day). If you are not able to periodically clean out your .htaccess file, then you should not use the "blacklist" rule.
Visitors who use a dial-up connection can usually work around the blacklist rule by reconnecting to the Internet. Visitors with a fixed IP address will not be able to access your site until you remove the deny directive for their IP.
For the "blacklist" rule to take effect, all of the following must be true:
You must be using Guardian in Trial Shareware or Registered mode. The rule is not supported in Freeware mode.
You must be on an Apache or Zeus server. Microsoft IIS does not support .htaccess files.
The Apache or Zeus server must be configured to read .htaccess files and to support the "deny from" directives.
The Guardian script must have permission to update the .htaccess file (either the file must have 666 permissions or the script must be running as set-user-id).
The offending visit must not be from a visitor using a proxy server. If a proxy server was used to make the request, then Guardian will skip the deny action, because that would blacklist the proxy IP address and all users behind it.
Guardian detects whether a proxy server was used by querying the HTTP_VIA environment variable.
The offending visit must come from a visitor with an IP address other than 127.0.0.1. Localhost visitors will not be blacklisted, since a localhost IP address often means that a reverse proxy is in place, and that therefore all visitors share the same IP.
The .htaccess file must be smaller than 32768 bytes. Guardian will not update .htaccess files that exceed this size (as of version 2.0.0.0009). To modify the size limit, edit subroutine max_htaccess_size in ag-shared.txt.
If your .htaccess file contains a global "allow,deny" block, then it may override any individual "deny from IP" directives added by Guardian. A global block looks like this:
    <Limit GET POST>
    order deny,allow
    deny from all
    allow from all
    </Limit>
These global blocks have no effect (except to mess up Guardian). They are often automatically added to .htaccess when installing Front Page extensions. For best results, remove the global block.
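The periodic cleanup recommended above, together with the 32768-byte limit from the requirements list, can be scripted. The following is an added example, not part of Guardian: it assumes the "# Added by Guardian" comment and its "deny from" directive sit on consecutive lines, and the function names, the two-day default and the sample addresses other than 10.11.12.13 are constructed for illustration.

```python
import re
from datetime import date, timedelta

# Marker format as shown on this page: "# Added by Guardian YYYY-MM-DD (rule)".
MARKER = re.compile(r"^\s*# Added by Guardian (\d{4})-(\d{2})-(\d{2})\b")
DENY = re.compile(r"^\s*deny from \S+\s*$", re.IGNORECASE)
MAX_BYTES = 32768  # Guardian only updates .htaccess files smaller than this

# Constructed sample .htaccess content (not from a real site).
SAMPLE = (
    "# permanent entry, added by hand\n"
    "deny from 10.0.0.99\n"
    "# Added by Guardian 2002-08-01 (url-substring:/secret/)\n"
    "deny from 10.11.12.13\n"
    "# Added by Guardian 2002-08-08 (url-substring:/secret/)\n"
    "deny from 10.11.12.14\n"
)


def prune_guardian_denies(text, today, max_age_days=2):
    """Drop Guardian-added deny pairs older than max_age_days.

    Hand-written deny lines (no Guardian marker) are never touched.
    Returns (new_text, number_of_pairs_removed).
    """
    cutoff = today - timedelta(days=max_age_days)
    lines = text.splitlines(keepends=True)
    kept, removed, i = [], 0, 0
    while i < len(lines):
        m = MARKER.match(lines[i])
        if m and i + 1 < len(lines) and DENY.match(lines[i + 1]):
            try:
                added = date(*map(int, m.groups()))
            except ValueError:
                added = None  # malformed date: leave the entry in place
            if added is not None and added < cutoff:
                removed += 1
                i += 2  # skip both the marker comment and its deny line
                continue
        kept.append(lines[i])
        i += 1
    return "".join(kept), removed


def needs_cleanup(text):
    """True when the file has reached the size at which Guardian stops updating it."""
    return len(text.encode("utf-8")) >= MAX_BYTES


if __name__ == "__main__":
    new_text, count = prune_guardian_denies(SAMPLE, date(2002, 8, 9))
    print(f"removed {count} expired entries; over limit: {needs_cleanup(new_text)}")
```

When applying this to a live file, write the result to a temporary file in the same directory and rename it over .htaccess so the server never reads a half-written file.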
http://www.xav.com/scripts/guardian/help/1018.html