Blocked IP addresses getting through.
Posted: 09 Feb 2021, 22:07
Hi,
I am blocking China via CC deny plus some manual rules as well, but some connections are still getting through.
It appears blocking is active as a csf grep for the IP address shows it as blocked:
csf -g 111.202.101.113
No matches found for 111.202.101.113 in iptables
IPSET: Set:chain_DENY Match:111.202.101.113 Setting: File:/etc/csf/csf.deny
IPSET: Set:cc_cn Match:111.202.101.113 Setting:CC_DENY Country:CN
Permanent Blocks (csf.deny): 111.192.0.0/12 # China CN do not delete
However, this IP address, which is supposedly blocked, is connecting to Apache:
/usr/local/apache/domlogs/[redacted].com:111.202.101.113 - - [09/Feb/2021:15:34:23 -0600] "GET / HTTP/1.1" 301 - "-" "Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)"
Any suggestions as to why this connection/IP is getting through, especially as this is "double blocked" by both a manual and a CC deny?
Thanks
Steve