Block IP address in Z-Server?
Hi, is it possible to ban an ip address from accessing Zope? (similar to Apache's "Deny from" directive). There are some idiots doing ridiculous amounts of spidering against my site and I want to block their IP's. If not does anyone know of an os-level way to block it? (I'm running linux) thanks a lot -Kevin __________________________________________________ Do You Yahoo!? Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com
From: Kevin Lewandowski <kevinsl@yahoo.com> If not does anyone know of an os-level way to block it? (I'm running linux)
run the service (port 80) thru xinetd -- you can block it with that (or even, not totally block it but limit access per second, etc) and... you can admin it from Webmin.
On Wed, 5 Sep 2001, marc lindahl wrote:
From: Kevin Lewandowski <kevinsl@yahoo.com> If not does anyone know of an os-level way to block it? (I'm running linux)
run the service (port 80) thru xinetd -- you can block it with that (or even, not totally block it but limit access per second, etc)
Do you mean launching Zope through xinetd ? Isn't it a big performance loss ? thanks in advance. Jerome Alet - alet@unice.fr - http://cortex.unice.fr/~jerome Fac de Medecine de Nice http://wwwmed.unice.fr Tel: (+33) 4 93 37 76 30 Fax: (+33) 4 93 53 15 15 28 Avenue de Valombrose - 06107 NICE Cedex 2 - FRANCE
From: Jerome Alet <alet@unice.fr>
Do you mean launching Zope through xinetd ?
Isn't it a big performance loss ?
No, you wouldn't want to do that, since it takes a while to launch... run zope (via init.d for example), but also run xinetd, set up to intercept anything on port 80. What I do (since I'm currently just running zServer behind xinetd, no Squid yet), is redirect that (port 80 on any interface) to localhost:8080 and run zope to use that port... that way nothing can get around xinetd... there are lots of similar ways to do it. Then, you have all of xinetd's logging, blocking, etc. facilities.
On Thu, Sep 06, 2001 at 12:46:20PM -0400, marc lindahl wrote:
From: Jerome Alet <alet@unice.fr>
Do you mean launching Zope through xinetd ?
Isn't it a big performance loss ?
No, you wouldn't want to do that, since it takes a while to launch... run zope (via init.d for example), but also run xinetd, set up to intercept anything on port 80. What I do (since I'm currently just running zServer behind xinetd, no Squid yet), is redirect that (port 80 on any interface) to localhost:8080 and run zope to use that port... that way nothing can get around xinetd... there are lots of similar ways to do it. Then, you have all of xinetd's logging, blocking, etc. facilities.
What a good idea ! I didn't know that xinetd can do port redirections like that. thanks for the tip. Jerome Alet
Yep... check out the xinetd management from Webmin. You can set it up to redirect and run as user Zope or Nobody or whatever, it's pretty good.
From: Jerome Alet <alet@unice.fr>
What a good idea !
I didn't know that xinetd can do port redirections like that.
thanks for the tip.
Jerome Alet
The slowest method and least desirable method is to inside Zope use a site access rule, as described here: http://www.zopezen.org/SDot/989420528/index_html Cheers. -- Andy McKay. ----- Original Message ----- From: "Kevin Lewandowski" <kevinsl@yahoo.com> To: <zope@zope.org> Sent: Wednesday, September 05, 2001 1:06 PM Subject: [Zope] Block IP address in Z-Server?
Hi, is it possible to ban an ip address from accessing Zope? (similar to Apache's "Deny from" directive).
There are some idiots doing ridiculous amounts of spidering against my site and I want to block their IP's.
If not does anyone know of an os-level way to block it? (I'm running linux)
thanks a lot
-Kevin
__________________________________________________ Do You Yahoo!? Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
participants (4)
-
Andy McKay -
Jerome Alet -
Kevin Lewandowski -
marc lindahl