Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/skx/mod_blacklist

A simple Apache module to blacklist remote hosts.
https://github.com/skx/mod_blacklist

apache2 blacklist c firewall security

Last synced: 2 months ago
JSON representation

A simple Apache module to blacklist remote hosts.

Host: GitHub
URL: https://github.com/skx/mod_blacklist
Owner: skx
Created: 2016-12-21T03:16:36.000Z (about 8 years ago)
Default Branch: master
Last Pushed: 2018-08-20T16:14:30.000Z (over 6 years ago)
Last Synced: 2024-10-02T10:12:27.326Z (3 months ago)
Topics: apache2, blacklist, c, firewall, security
Language: C
Homepage:
Size: 8.79 KB
Stars: 5
Watchers: 3
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

mod_blacklist
-------------

A simple Apache 2 module to blacklist remote visitors, by IP address.

Links
-----

* Github
* https://github.com/skx/mod_blacklist

About
-----

This is a simple Apache module which will perform an ACL check on each incoming HTTP request. If the remote visitor has been blacklisted each access will result in a `403` forbidden response.

Access is tested, trivially, via a lookup of their remote IP address in a particular directory, which defaults to `/etc/blacklist.d/`.

For example to blacklist the remote IP 1.2.3.4:

touch /etc/blacklist.d/1.2.3.4

This is 100% dynamic, and changes will be reflected immediately. Removing a previously blacklisted entry can be achieved via:

rm /etc/blacklist.d/1.2.3.4

Performance
-----------

The module is pretty lightweight, a single extra `stat()` call for each visitor will be made to perform the access-test.

In a low-traffic server, which is not otherwise I/O bound, this overhead should be minimal.

Compilation
-----------

Assume you have the appropriate Apache-development package(s) installed upon your host it can be compiled `apxs`:

apxs2 -c mod_blacklist.c

The `Makefile` does that for you.

Installation
------------

Once compiled copy the `.so` file from `.libs` to `/usr/lib/apache2/modules`, or your local module path.

To cause the module to be loaded by Apache create the file `/etc/apache2/mods-enabled/blacklist.load` with the following contents (adjusting your local path if different):

LoadModule blacklist_module /usr/lib/apache2/modules/mod_blacklist.so

If you wish to change the prefix-directory in which blacklisted IP addresses are stored then you can use the `BlacklistPrefix` setting. This is a global setting, which you could add to the file `/etc/apache2/mods-enabled/blacklist.conf`:

# Change the blacklist prefix.
BlacklistPrefix /root/blacklist.d/

Steve
--