


How to add someone to IPTABLES DROP list when they access a URL?

Added by Harry over 14 years ago

Basically, I have a ton of spambots hitting a directory on my site, at least 600 times per minute. All random IP addresses. Is there a way I can have when someone accesses a defined file, it will perm IP ban them from my site?

Something similar to:
$HTTP["scheme"] == "http" {
    url.redirect = ("^/IPban(.*)" => "iptables -A INPUT -s IP-ADDRESS -j DROP",
                    "^/IPblock(.*)" => "iptables -A INPUT -s IP-ADDRESS -j DROP")
}

I guess, just some way for lighttpd to call external commands... like iptables... Help please, I need to easily stop these bots! :-)

Replies (2)

RE: How to add someone to IPTABLES DROP list when they access a URL? - Added by tx over 14 years ago

Keep in mind this way is too dangerous.

$HTTP["scheme"] == "http" {
    url.rewrite = (
        "^/IPban(.*)" => "/ipban.php",
        "^/IPblock(.*)" => "/ipban.php"
    )
}

<?php
// ipban.php: append a DROP rule for the requesting client's address
`sudo iptables -A INPUT -s {$_SERVER['REMOTE_ADDR']} -j DROP`;


And in /etc/sudoers:
www-data ALL=NOPASSWD: /sbin/iptables -A*

Assume your PHP is running under user www-data
and you have the sudo package.

RE: How to add someone to IPTABLES DROP list when they access a URL? - Added by over 13 years ago

Use this script to block IPs. This script provides a telnet interface to iptables.

Then you write a PHP script to communicate with that service. You must use a PHP socket to communicate.

Note: the script has logging bugs; you must add a flock command before writing the log.
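An added example, not code from any poster in this thread: instead of giving the web user sudo rights on iptables, a separate root-owned job can read the access log, pick out hits on the trap URLs, and build each rule as an argument list only after the client field parses as a literal IP address. The log layout (lighttpd's default accesslog format), the never-ban list and the function names are assumptions, and the sample lines are constructed.

```python
import ipaddress

TRAP_PREFIXES = ("/IPban", "/IPblock")  # trap URLs from the thread
# Assumption: addresses that must never be dropped (loopback, an admin network).
NEVER_BAN = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128", "192.0.2.0/24")]

# Constructed sample lines: %h %V %u %t "%r" %>s %b "referer" "user-agent"
SAMPLE_LOG = """\
203.0.113.7 example.org - [10/Oct/2011:13:55:36 +0000] "GET /IPban/x HTTP/1.1" 200 12 "-" "bot"
198.51.100.23 example.org - [10/Oct/2011:13:55:37 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla"
203.0.113.7 example.org - [10/Oct/2011:13:55:38 +0000] "GET /IPblock HTTP/1.1" 200 12 "-" "bot"
127.0.0.1 example.org - [10/Oct/2011:13:55:39 +0000] "GET /IPban HTTP/1.1" 200 12 "-" "monitor"
;reboot example.org - [10/Oct/2011:13:55:40 +0000] "GET /IPban HTTP/1.1" 200 12 "-" "-"
"""

def trap_hit(line):
    """Return the client field if the request targets a trap URL, else None."""
    try:
        client = line.split(" ", 1)[0]
        _method, path, _proto = line.split('"')[1].split(" ", 2)
    except (IndexError, ValueError):
        return None  # malformed request line
    return client if path.startswith(TRAP_PREFIXES) else None

def drop_rule(client):
    """Build an argv list (no shell involved), or None if the value is refused."""
    try:
        ip = ipaddress.ip_address(client)
    except ValueError:
        return None  # not a literal address, so it never reaches iptables
    if any(ip.version == net.version and ip in net for net in NEVER_BAN):
        return None
    tool = "iptables" if ip.version == 4 else "ip6tables"
    return [tool, "-A", "INPUT", "-s", str(ip), "-j", "DROP"]

def rules_for(log_text):
    """One rule per offending address, in order of first appearance."""
    rules = []
    for line in log_text.splitlines():
        client = trap_hit(line)
        rule = drop_rule(client) if client else None
        if rule and rule not in rules:
            rules.append(rule)
    return rules

if __name__ == "__main__":
    for argv in rules_for(SAMPLE_LOG):
        print(" ".join(argv))  # a root-owned job would pass argv to subprocess.run
```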
