====== Block Traffic From a Particular Host ======

See also **[[networking:router:mikrotik_manual_blacklist|Manually Add and Remove IP Addresses to a Mikrotik Blacklist]]**

:!: You can use ''DROP'' or ''REJECT'' depending on what you want the blocked host to know.

<file>
iptables -I INPUT -s nnn.nnn.nnn.nnn -j DROP
</file>

Delete the rules:

<file>
iptables -D INPUT -s nnn.nnn.nnn.nnn -j DROP
</file>

Show the rules:

<file>
iptables -L INPUT
</file>

One-liner to block evil hosts grep'd from Apache error logs:

<file>
for ip in `grep spammer.com.br /var/log/httpd/error_log|egrep -o "client [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+"|sort |uniq|cut -f 2 -d " "`; do iptables -I INPUT -s $ip -j DROP; done
</file>

===== Block Hosts by User Agent String =====

http://en.linuxreviews.org/HOWTO_stop_automated_spam-bots_using_.htaccess

<file>
vim .htaccess
</file>

<file>
# Block bots by User Agent string
SetEnvIfNoCase User-Agent "^Mozilla\/4.0 \(compatible\; MSIE 6.0\; Windows NT 5.1\; SV1\)" bad_bot
# Block empty User Agent string
SetEnvIfNoCase User-Agent ^$ bad_bot
SetEnvIfNoCase User-Agent "^AESOP_com_SpiderMan" bad_bot
SetEnvIfNoCase User-Agent "^Alexibot" bad_bot
SetEnvIfNoCase User-Agent "^Zyborg" bad_bot

<Limit GET POST HEAD>
Order Allow,Deny
Allow from all
Deny from env=bad_bot
</Limit>
</file>

<file>
service httpd restart
</file>