Do any of you folks do redirection by IP (within Apache) for people coming
to your website from different countries?
What do ye use? mod_geoip and/or a whole pile of mod_rewrite rules?
Is mod_geoip reliable/well-performing/accurate?
I used to use mod_geoip but recently dumped Apache for Cherokee (which has its own GEOIP logic).
I can't say I've had any performance problems with either but Cherokee is definitely easier to get set up.
Accuracy is pretty spot on but (obviously) neither cannot tell if somebody is browsing through a transparent proxy in another country.
Related
Let me start about Why...
Why
Since most people agree that the most effective way of blocking Ip's is by using a solution like iptables. So with that in mind why would i wanna block such a huge list directly in Apache. As a maintainer of servers and after investigating "unwanted traffic" trying to do all kinds of things that the online service isnt made for i started looking for a solution to stop that once and for all....
So in the past 2 years i identified all/most possible networks that produce "unwanted traffic".
These networks have no use on the online service at all and are bassicly bad for the environment when u look at all the energy and resources that they consume!
So in my attempt to remove all the power from these services i made a list of all worldwide hosting addresses and bussines connections that are outside of the targetted area from the online service (which means all business connections unless they are inside 2 targetted countries and all hosting addresses).
This resulted in almost 300k subnets which after combining the subnets resulted in almost 290k subnets left that i wanna block.
When using this list in a solution like iptables it would also block updating services so to prevent this it's better to use apache since it will then only affect apache and nothing else on this server, protecting an entire server is not inside the scope of this question.
Possible solutions
Adding the subnets to .htaccess (Don't rlly wanna go there since this will make apache reload the list on every request)
Using
RewriteEngine on
RewriteMap hosts-deny "txt:/path/to/hosts.deny"
RewriteCond "${hosts-deny:%{REMOTE_ADDR}|NOT-FOUND}" "!=NOT-FOUND" [OR]
RewriteCond "${hosts-deny:%{REMOTE_HOST}|NOT-FOUND}" "!=NOT-FOUND"
RewriteRule "^" "-" [F]
Works very well when using single addresses but converting 300k subnets to individual addresses doens't look very appealing to me, so unless this can be transformed to work with subnets this isn't going to work either.
Using expressions
RewriteCond expr "-R '12.345.678.90/28'"
This works untill i try to add more then 1 subnet, i think it goes wrong with RequireAll, RequireAny, RequireNone or the location it is placed.
Hopefully someone can shed a light on this and guide me towards the right way of implementing my solution.
I recently set up a subdomain on my website with the intention to soon clone my website for testing purposes. Subdomain was "beta", so beta.example.com
It was set up and password protected via htaccess and is directed through Cloudflare, it's about three days old and was never announced publicly (only I know of it).
Today I notice this on my Apache Server Stats page:
Also, CPU load was increasing and very, very high. Upon refreshing, this continued and is actually still continuing right now. Is this some sort of botting/brute force attack? I can't imagine how/why else so many IPs would be accessing this unlinked/private subdomain. I've since taken it down from Cloudflare DNS and the IPs are still connecting somehow, I assume it will take time for it to propagate.
Is this malicious? And how can it be prevented? I assume it was/is attempting to brute force the htaccess password? Is it because it's a common subdomain name? ("beta") - would it matter? Again, it's only been about three days so damn they work fast.
It can be search engine robots, It can be script kiddies, It can be brute force, you can have more information in your log file or by analyzing IP address.
I'm not sure to really understand your problem and what you want.
If you website is online, so yes some people/bots/robots will try to access to it, like any other website.
If you don't want than anybody access to your website, you can add an IP restriction.
I am currently hosting the contents of a site with ProviderA. I have a domain registered with ProviderB. I want users to access the contents (www.providerA.com/sub/content) by visiting www.providerB.com. A domain forward is easy enough and works as intended, however, unless I embed the site in a frame (which is a big no-no), the actual URL reads www.providerA.com/sub/content despite the user inputting www.providerB.com.
I really need a solution for this. A domain masking without the use of a frame. I'm sure this has been done before. An .htaccess domain rewrite?
Your help would be hugely appreciated! I'm going nuts trying to find a solution.
For Apache
Usual way: setup mod_proxy. The apache on providerB becomes a client to providerA's apache. It gets the content and sends it back to the client.
But looks like you only have .htaccess. So no proxy, you need full configuration access for that.
So you cannot, see: How to set up proxy in .htaccess
If you have PHP on providerB
Setup a proxy written in PHP. All requests to providerB are intercepted by that PHP proxy. It gets the content from providerA and sends it back. So it does the same thing as the Apache module. However, depending on the quality of the implementation, it might fail on some requests, types, sizes, timeouts, ...
Search for "php proxy" on the web, you will see a couple available on GitHub and others. YMMV as to how difficult it is to setup, and the reliability.
No PHP but some other server side language
Obviously that could be done in another language, I checked PHP because that is what I use the most.
The best solution would be to transfer the content to providerB :-)
Instead of having blog.domain.com, I'd like to have domain.com/blog. Is it possible to host domain.com on Heroku (for example) and domain.com/blog in another server?
I want to do this mostly for SEO reasons.
Thanks
You can use mod_rewrite to achieve that, but I don't think it's a good idea. Better make a subdomain - blog.domain.com
SEO is usually treated too serious, but, in fact, it won't give you significant improvement. Remember - content is the king.
I currently host my company's website and blog on separate servers, reached by separate domain names - www.example.com and www.example.net. This is so I can give blog server access to our partners without compromising security on our main server. However, our SEO guy is now demanding that the blog be put on our main server, as www.example.com/blog.
I would like to maintain the current server separation rather than putting both on the same server. Is there any good way to keep them separated, but have them both under a single domain name? A subdomain would also be acceptable (blog.example.com).
My main website server is a Debian box running Apache 2, and I have full root access to it. The blog server is run by Hostgator, and I have limited access.
Edit: Thanks, all. In this particular situation I don't particularly want to transfer the blog again, and I don't have easy access to the DNS records, so i went with mod_proxy and it worked like a charm. I wish I could give you all "preferred answer" status, though, because all of your information was awesome.
A subdomain would be easy: just create an A record in DNS which maps blog.example.com to the IP address of the blog server, and have another A record in DNS which maps www.example.com to the main website server (this latter record probably already exists).
Would the SEO guy be happy with blog.example.com? It's not the same from an SEO perspective, but it might be good enough for him. I work at a company where SEO is at least 1/3 of what we do, and that's our setup: blog.example.com and www.example.com.
You could try to get fancy and proxy requests to /blog to the 2nd server, if you insist on keeping the blog off your box, but I think you can find a secure way to share space. Proxying like that could get annoying, and it basically doubles the latency to your blog.
Give the blog guys an account on your box; don't give them root/special privileges. If you can get away with it, don't even give them SSH access -- just give them a FTP login (make sure they can't access /var/www), and maybe a mysql account or something. (As you can see, this all depends on how much control/power the blog folks demand.)
Then, just make a symlink to the blog root, so they can write to a restricted area like /home/blog/www and still have it included in the website:
ln -s ~blog/www /var/www/blog
If a subdomain is for some reason not a possible way for you to go, you could use Apache's mod_proxy module to proxy requests to /blog to your second server.