This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
networking:firewall:windows_troubleshooting [2016/03/23 13:33] jcooper |
networking:firewall:windows_troubleshooting [2021/07/07 12:14] (current) gcooper |
||
---|---|---|---|
Line 3: | Line 3: | ||
===== Enable Logging of port dropping packets ===== | ===== Enable Logging of port dropping packets ===== | ||
- | - Control Panel -> Windows Firewall -> Advanced Settings | + | **Control Panel -> Windows Firewall -> Advanced Settings** |
- | | + | |
+ | Right click on the < | ||
{{: | {{: | ||
Line 10: | Line 11: | ||
- | - On the | + | - On the Domain Profile Tab under Logging tab select Customize |
- | - | + | {{:networking: |
- | + | ||
- | + | ||
- | One-liner to block evil hosts grep'd from Apache error logs: | + | |
- | + | ||
- | < | + | |
- | for ip in `grep Itau.com.br / | + | |
- | </ | + | |
- | + | ||
- | ===== Block Hosts by User Agent String ===== | + | |
- | http:// | ||
- | < | + | * Change Log dropped packets to yes. Note the location of the log in the Name field. |
- | vim .htaccess | + | |
- | </ | + | |
- | < | + | {{: |
- | # Block bots by User Agent string | + | |
- | SetEnvIfNoCase User-Agent " | + | |
- | # Block empty User Agent string | + | |
- | SetEnvIfNoCase User-Agent ^$ bad_bot | + | |
- | SetEnvIfNoCase User-Agent " | + | |
- | SetEnvIfNoCase User-Agent " | + | |
- | SetEnvIfNoCase User-Agent " | + | |
- | <Limit GET POST HEAD> | + | * Run the failing process then check the log for which port dropped packets. |
- | Order Allow, | + | |
- | Allow from all | + | |
- | Deny from env=bad_bot | + | |
- | </ | + | |
- | </ | + | |
- | < | ||
- | service httpd restart | ||
- | </ |