I have these errors in the Apache log…
[proxy:error] [pid 13317] (110)Connection timed out: AH00957: HTTP: attempt to connect to 210.86.231.64:80 (*) failed
[proxy_http:error] [pid 13317] [client 5.39.116.17:56290] AH01114: HTTP: failed to make connection to backend: simsodep.com
This goes on, repeated, ad infinitum. I forward proxy from Apache to JBoss.
In the :80 config…
SetEnvIfNoCase User-Agent "^ApacheBench/2.3" bad_bot
<Proxy https://exampledev.com/*>
    Require all denied
    Deny from env=bad_bot
    Require ip 12.34.56.78
    Require host exampledev.com
</Proxy>
Redirect permanent / https://exampledev.com
And in the :443 config…
<Proxy https://exampledev.com/*>
    Require all denied
    Deny from env=bad_bot
    Require host exampledev.com
    Require ip 12.34.56.78
</Proxy>
In my firewall, through ufw, I have…
     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN    Anywhere
[ 2] 443                        ALLOW IN    Anywhere
[ 3] 80                         ALLOW IN    Anywhere
[ 4] Anywhere                   DENY IN     210.86.231.64
[ 5] Anywhere                   DENY IN     5.39.116.17
[ 6] 22 (v6)                    ALLOW IN    Anywhere (v6)
[ 7] 443 (v6)                   ALLOW IN    Anywhere (v6)
[ 8] 80 (v6)                    ALLOW IN    Anywhere (v6)
Why is my Apache 2.4 log file being filled with gigs from these proxy errors? What am I missing?
Best Answer
You need to fix your firewall rules order.
The order of firewall rules is very important, as they are processed/matched in order. So, if an allow rule is matched first, then the deny rule that comes later won't work as expected.
Change the rules so that the deny rules are on top or matched first before all other accept rules. They should look like this:
Well, of course this is not the optimal way of banning IPs one at a time. Securing your web server is a broader issue and there are many materials available online.
As for firewall, you can try fail2ban:
How To Protect an Apache Server with Fail2Ban on Ubuntu 14.04
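To make the first-match behaviour the answer describes concrete, here is an added example (not from the question or the answer) that walks the question's IPv4 rule table the way ufw does and shows why moving the DENY rules to the top changes the outcome. The rule list is transcribed from the question; the packet sources 203.0.113.9 and the "default incoming policy is deny" assumption are constructed for the example.

```python
# Added example: a minimal first-match rule evaluator in the spirit of
# ufw's numbered rule list, applied to the rules from the question.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str           # "ALLOW" or "DENY"
    port: Optional[int]   # None stands for "Anywhere" (any destination port)
    src: Optional[str]    # None stands for "Anywhere" (any source address)

    def matches(self, src_ip: str, dport: int) -> bool:
        if self.port is not None and self.port != dport:
            return False
        if self.src is not None and \
                ipaddress.ip_address(src_ip) not in ipaddress.ip_network(self.src):
            return False
        return True


# IPv4 rules in exactly the order shown in the question's ufw output.
QUESTION_RULES: List[Rule] = [
    Rule("ALLOW", 22, None),
    Rule("ALLOW", 443, None),
    Rule("ALLOW", 80, None),
    Rule("DENY", None, "210.86.231.64"),
    Rule("DENY", None, "5.39.116.17"),
]


def evaluate(rules: List[Rule], src_ip: str, dport: int, default: str = "DENY") -> str:
    """Return the action of the first matching rule; later rules never run.
    The default models ufw's usual 'deny incoming' policy (assumption)."""
    for rule in rules:
        if rule.matches(src_ip, dport):
            return rule.action
    return default


def deny_first(rules: List[Rule]) -> List[Rule]:
    """Reorder so every DENY rule precedes every ALLOW rule, as the answer advises."""
    denies = [r for r in rules if r.action == "DENY"]
    allows = [r for r in rules if r.action != "DENY"]
    return denies + allows


if __name__ == "__main__":
    for ip in ("5.39.116.17", "210.86.231.64", "203.0.113.9"):
        print(ip, "-> port 443: as listed =", evaluate(QUESTION_RULES, ip, 443),
              "| deny-first =", evaluate(deny_first(QUESTION_RULES), ip, 443))
```

On a real host the deny-first ordering is what `ufw insert 1 deny from <address>` produces, since `insert` places the rule at the given position instead of appending it.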