[Solved] mod_tcpwrapper (TCP wrapper support for lighttpd)

Added by wschaub over 12 years ago

I recently set up an OpenVZ container and wanted to block all web traffic to my lighttpd for IPs that denyhosts was adding to /etc/hosts.deny due to brute force attempts on SSH.

As far as I know you can't use iptables inside of an OpenVZ container, so I wanted to just make lighttpd use libwrap to deny access for anything inside of /etc/hosts.deny.

I decided to write a simple module to do just that. It only adds a few lines to the basic skeleton module to do the libwrap init and ACL check.

Time consuming things like reverse host lookup don't happen at all so long as /etc/hosts.allow and /etc/hosts.deny do not contain host names. As long as /etc/hosts.deny just contains IP addresses, it only looks up the IP address of the client connecting with getpeername().

So far it seems to be working fine for me but I thought I would post about it here in case someone else might find it useful, or perhaps the maintainers would like to clean it up and add it to the project. You can find it at http://www.steubentech.com/~talon/blog/blosxom.cgi/2011/09/02#09-02-2011mod_tcpwrapper
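The IP-only check described in the post above, modelled as an added example (not the module's code and not libwrap itself): it matches the numeric peer address against `daemon_list : client_list` rules with no DNS lookup, covering only the `ALL`, exact-address and trailing-dot prefix patterns of hosts_access(5). The function names, the daemon name `lighttpd` and the sample rules are assumptions constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample rules, hosts.deny syntax: daemon_list : client_list */
static const char *const SAMPLE_DENY[] = {
    "sshd: 203.0.113.9",
    "ALL: 198.51.100.7",
    "lighttpd, sshd: 192.0.2.",   /* trailing dot = address prefix */
    NULL
};

/* 1 if a list token is ALL, equals `want`, or (clients only) is a dotted prefix of it */
static int list_has(const char *list, const char *want, int is_client) {
    const char *sep = ", \t\n";
    for (list += strspn(list, sep); *list; list += strspn(list, sep)) {
        size_t n = strcspn(list, sep);
        if ((n == 3 && !strncmp(list, "ALL", 3)) ||
            (n == strlen(want) && !strncmp(list, want, n)) ||
            (is_client && list[n - 1] == '.' && !strncmp(list, want, n)))
            return 1;
        list += n;
    }
    return 0;
}

/* peer is what getpeername() fills in; only its numeric form is used, no DNS */
int denied(const char *const *rules, const char *daemon, const struct sockaddr_in *peer) {
    char ip[INET_ADDRSTRLEN], line[256], *colon;
    inet_ntop(AF_INET, &peer->sin_addr, ip, sizeof ip);
    for (; *rules; rules++) {
        snprintf(line, sizeof line, "%s", *rules);
        if (line[0] == '#' || !(colon = strchr(line, ':')))
            continue;                    /* comment or malformed line */
        *colon = '\0';                   /* split daemon list from client list */
        if (list_has(line, daemon, 0) && list_has(colon + 1, ip, 1))
            return 1;
    }
    return 0;
}

/* 1 = denied, 0 = allowed, -1 = not an IPv4 literal (IPv4 only in this sketch) */
int denied_ip(const char *daemon, const char *ip) {
    struct sockaddr_in sa = { .sin_family = AF_INET };
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1)
        return -1;
    return denied(SAMPLE_DENY, daemon, &sa);
}
```

Note that the rule scoped to `sshd` alone does not deny the same address for the daemon name `lighttpd`; the daemon list has to name the web server or use `ALL` for an entry to apply to web traffic.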


Replies (1)

RE: [Solved] mod_tcpwrapper (TCP wrapper support for lighttpd) - Added by gstrauss about 7 years ago

Broken link above. Older patches can be found linked to Docs_UserWrittenMods
