I originally this posted at webmasters.stackexchange.com, but was told I'd get a better reception here.
For the last few days, I've been suffering from what appears to be a (presumably inadvertent) DDOS attack. I've been getting so many requests from an agent identifying as "Mozilla/4.0 (compatible; ICS)" that apache eats through all the available memory.
Consequently, I'd like to block all requests accompanied by this user agent, so I tried doing this in httpd.conf:
SetEnvIfNoCase User-Agent "Mozilla/4.0 (compatible; ICS)" bad_user
Deny from env=bad_user
But when I restart apache it complains about using deny
here. Without having to wrap it in a location
or directory
block, which would mean I'd have to add a new block for each site, is there any way I can deny access to the whole server?
UPDATE: The error I get
- Restarting web server apache2
Syntax error on line 4 of /etc/apache2/httpd.conf: deny not allowed
here
[fail]
Best Answer
Looks like an old question now, but I wanted to do the same and found the answer from nerve above. It's not quite right as is - seems to me that it should be
<Location "/">
, and theSetEnvIf
needs a regular expression so the parentheses need to be quoted.This worked for me to apply the access control across all vhosts:
Just include that before the vhost definitions.