Blocking IP with Apache Directive Required Not IP

Discussion in 'ISPConfig 3 Priority Support' started by pawan, Nov 5, 2017.

  1. pawan

    pawan Member HowtoForge Supporter

    I am using the
    apache-ultimate-bad-bot-blocker
    at GITHUB
    there is a blacklist-ips.conf included in Global-blacklist.conf folder. It seems to be working well except that IPs accessing form mobile are not getting blocked, may be a IPV6 IPV4 issue.
    Example:
    The below IP is in my Blocklist
    Blocked
    Code:
    78.46.81.83 - - [04/Nov/2017:04:05:44 +0530] "POST /vkzhekv HTTP/1.1" 403 632
    "http://lions322c2.org/vkzhekv" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)"
    Allowed
    Code:
    78.46.81.83 - - [05/Nov/2017:01:55:35 +0530] "POST /xjzgp HTTP/1.1" 200 437
    "http://lions322c2.org/xjzgp" "Mozilla/5.0 (Linux; Android 7.0; SAMSUNG SM-G935F Build/NRD90M) AppleWebKit/537.36
    (KHTML, like Gecko) SamsungBrowser/5.4 Chrome/51.0.2704.106 Mobile Safari/537.36"
    I am looking for any suggestion how I can make it work.

    Note: one can say that in the example those are two different files, one is available and one is not hence different results.
    but I have tested that myself. blocking my own Mobile IP doesn't seems to work, but if I connect the same to desktop by tethering the Mobile Internet and then block the Mobile IP, It works fine and is blocked.

    Additional Info:
    I have added my own IP to the blocklist:
    I get 403 forbidden error while accessing through browser, but 200 when using CURL and just changing the user agent to mobile.
    I am attaching the access.log here
    Code:
    117.247.67.106 - - [05/Nov/2017:23:17:19 +0530] "GET / HTTP/1.1" 302 348 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
    117.247.67.106 - - [05/Nov/2017:23:17:20 +0530] "GET / HTTP/1.1" 200 6758 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
    117.247.67.106 - - [05/Nov/2017:23:18:47 +0530] "GET / HTTP/1.1" 403 629 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
    117.247.67.106 - - [05/Nov/2017:23:18:48 +0530] "GET /favicon.ico HTTP/1.1" 403 639 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0"
    180.76.15.146 - - [05/Nov/2017:23:22:07 +0530] "GET / HTTP/1.1" 200 6721 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
    117.247.67.106 - - [05/Nov/2017:23:26:50 +0530] "GET / HTTP/1.1" 200 49983 "-" "Mozilla/5.0 (Linux; Android 7.0; SAMSUNG SM-G935F Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/5.4 Chrome/51.0.2704.106 Mobile Safari/537.36"
    157.55.39.138 - - [05/Nov/2017:23:26:52 +0530] "GET / HTTP/1.1" 200 6758 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
    117.247.67.106 - - [05/Nov/2017:23:27:10 +0530] "GET / HTTP/1.1" 403 629 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"
    117.247.67.106 - - [05/Nov/2017:23:27:11 +0530] "GET /favicon.ico HTTP/1.1" 403 639 "http://bankajewellers.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"
     
    Last edited: Nov 5, 2017

Share This Page