Virtual Architects Support Wiki

User Tools

Site Tools

You are here: start » networking » firewall » windows_troubleshooting
Trace:
networking:firewall:windows_troubleshooting

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
networking:firewall:windows_troubleshooting [2016/03/23 13:33]
jcooper 		networking:firewall:windows_troubleshooting [2021/07/07 12:14] (current)
gcooper
Line 3: Line 3:
 ===== Enable Logging of port dropping packets ===== ===== Enable Logging of port dropping packets =====
  
-  - Control Panel -> Windows Firewall -> Advanced Settings +**Control Panel -> Windows Firewall -> Advanced Settings** 
-  Right click <file> Windows Firewall with Advanced Security on Local computer </file>+ 
 +Right click on the <file> Windows Firewall with Advanced Security on Local computer </file> and select Properties
  
 {{:networking:firewall:win_fw-troubleshooting.png|}} {{:networking:firewall:win_fw-troubleshooting.png|}}
Line 10: Line 11:
    
  
-  - On the  +  - On the Domain Profile Tab under Logging tab select Customize 
-  -  +{{:networking:firewall:domainprofiletab.png|}}
- +
- +
-One-liner to block evil hosts grep'd from Apache error logs: +
- +
-<file> +
-for ip in `grep Itau.com.br /var/log/httpd/error_log|egrep -o "client [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+"|sort |uniq|cut -f 2 -d " "`; do iptables -I INPUT -s $ip -j DROP; done +
-</file> +
- +
-===== Block Hosts by User Agent String =====+
  
-http://en.linuxreviews.org/HOWTO_stop_automated_spam-bots_using_.htaccess 
  
-<file> +   * Change Log dropped packets to yes Note the location of the log in the Name field.  Click OK, OK.  
-vim .htaccess +
-</file>+
  
-<file> +{{:networking:firewall:logdroppedpackets.png|}}
-# Block bots by User Agent string +
-SetEnvIfNoCase User-Agent "^Mozilla\/4.0 \(compatible\; MSIE 6.0\; Windows NT 5.1\; SV1\)" bad_bot +
-# Block empty User Agent string +
-SetEnvIfNoCase User-Agent ^$ bad_bot +
-SetEnvIfNoCase User-Agent "^AESOP_com_SpiderMan" bad_bot +
-SetEnvIfNoCase User-Agent "^Alexibot" bad_bot +
-SetEnvIfNoCase User-Agent "^Zyborg" bad_bot+
  
-<Limit GET POST HEAD> +  * Run the failing process then check the log for which port dropped packets.
-Order Allow,Deny +
-Allow from all +
-Deny from env=bad_bot +
-</Limit> +
-</file>+
  
-<file> 
-service httpd restart 
-</file> 
networking/firewall/windows_troubleshooting.1458761617.txt.gz · Last modified: 2016/03/23 13:33 by jcooper

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki