Re: hosts.deny: how do i test to see if hosts.deny is working



Steve Cousins wrote:


Monty loree wrote:

I am trying to block scraper sites from accessing my sites.
I have put a bunch of IP addresses in my hosts.deny and I'm not sure if
they've blocked anything.


From your use of the word "sites" I'm guessing you are trying to block
certain IPs from accessing your Web servers. If this is the case, then
in order to use hosts.deny and hosts.allow your web server will need to
be able to work with TCP Wrappers. I don't think Apache will do this
(are you using Apache?). You will need to use the Limit directive in
your httpd.conf file instead of hosts.deny/hosts.allow.

Why not use iptables and protect all your server programs?

Or if you want to use hosts.deny, why not have hosts.deny deny everything
and use hosts.allow to selectively allow those sites you wish to hear from?
That way if you overlook something, you are (over)protected.

Then I put my own IP address into the hosts.deny to see if I could
block myself. That didn't work.

I would like to know if there is a log file or some other way to
verify that IPs that I've designated in hosts.deny are actually
getting blocked.


Yes. If it was working you would see entries in your /var/log/secure
log about refused connections.



--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key: 9A2FC99A Registered Machine 241939.
/( )\ Shrewsbury, New Jersey http://counter.li.org
^^-^^ 12:15:01 up 38 days, 14:45, 3 users, load average: 4.17, 4.26, 4.13
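
The two checks discussed in this thread, as an added example that is not part of the original messages: whether a daemon is linked against libwrap (and so reads hosts.deny at all), and how many "refused connect from" log entries each denied address has. The function names, the default /usr/sbin/sshd path and the sample files are assumptions constructed for illustration; only literal IPv4 entries in hosts.deny are matched.

```bash
#!/bin/sh
# Added example, not from the thread. All sample data below is constructed.

# uses_libwrap BINARY: true if BINARY is dynamically linked against libwrap,
# i.e. the daemon itself consults hosts.allow / hosts.deny.
uses_libwrap() { ldd "$1" 2>/dev/null | grep -q libwrap; }

# denied_hits HOSTS_DENY LOGFILE: for each literal IPv4 address in a
# hosts.deny client list, print "<ip> <n>", where n is the number of
# "refused connect from" log lines naming that address.
denied_hits() {
    awk '
    FILENAME == ARGV[1] {                 # pass 1: hosts.deny
        sub(/#.*/, "")                    # strip comments
        if (split($0, f, ":") < 2) next   # daemon_list : client_list [: cmd]
        m = split(f[2], c, /[ \t,]+/)
        for (i = 1; i <= m; i++)
            if (c[i] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !(c[i] in hits)) {
                hits[c[i]] = 0; order[++k] = c[i]
            }
        next
    }
    /refused connect from/ {              # pass 2: TCP Wrappers refusals
        s = $0; sub(/.*refused connect from /, "", s); gsub(/[()]/, " ", s)
        m = split(s, t, /[ \t]+/)
        for (i = 1; i <= m; i++)          # count each address once per line
            if (t[i] in hits && seen[t[i]] != NR) { hits[t[i]]++; seen[t[i]] = NR }
    }
    END { for (i = 1; i <= k; i++) print order[i], hits[order[i]] }
    ' "$1" "$2"
}

# Demo on constructed files (documentation-range addresses).
demo=$(mktemp -d)
cat > "$demo/hosts.deny" <<'EOF'
# constructed sample
ALL: 192.0.2.10
sshd: 198.51.100.7, 203.0.113.5
EOF
cat > "$demo/secure" <<'EOF'
Mar  3 10:15:01 host sshd[2211]: refused connect from 192.0.2.10 (192.0.2.10)
Mar  3 10:16:40 host sshd[2230]: refused connect from 192.0.2.10 (192.0.2.10)
Mar  3 10:17:02 host sshd[2241]: refused connect from 198.51.100.7 (198.51.100.7)
Mar  3 10:18:11 host sshd[2250]: Accepted publickey for admin from 203.0.113.5 port 50022 ssh2
EOF
denied_hits "$demo/hosts.deny" "$demo/secure"
rm -rf "$demo"
uses_libwrap "${1:-/usr/sbin/sshd}" && echo "links libwrap" || echo "no libwrap found"
```

An address that shows a count of 0 while the same log records accepted connections from it is a denied entry that is not taking effect for that service.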