Introduction
How do you block a large number of IP addresses from your web application/server? Obviously that can easily be done in P
It seems that most of us agree to block at the firewall level.
You could have a program that listens to your website for IPs to block and generates a script:
ip = getNextIpToBlock()
an = increment_unique_alphanum_generator()
script = generate_script(ip, an)
The script would look something like this (where [an] is an alphanumeric value and [ip] is the IP you block):
en [enter]
*password* [enter]
conf t [enter]
access-list [an] deny ip [ip] 0.0.0.0 any [enter]
access-group [an] in interface outside [enter]
Then you load this script into another program that executes remote Telnet or SSH calls to your FW CLI.
Don't forget to log out, and maybe every 100 IPs you copy the running config to start config.
I don't know, but you may want to know now what the limitations are for your firewall.
Best,
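
The generator step described in the post, written out as an added example (not the poster's code): each candidate is validated as a bare IPv4 address before it is placed in a CLI line, so a malformed feed entry cannot add commands to the script, and duplicates and protected ranges are skipped. The ACL lines are the post's template; `clean_ips`, `generate_script`, the `blk` naming, `write memory` and the `end`/`exit` lines are assumptions.

```python
import ipaddress

# Template lines copied from the post; {an} and {ip} stand for its [an] and [ip].
ACL_TEMPLATE = ("access-list {an} deny ip {ip} 0.0.0.0 any",
                "access-group {an} in interface outside")
SAVE_EVERY = 100           # the post: save the config about every 100 IPs
SAVE_CMD = "write memory"  # assumption: Cisco-style save command, not named in the post


def clean_ips(candidates, never_block=()):
    """Return (accepted, rejected): validated, de-duplicated IPv4 strings and the rest."""
    protected = [ipaddress.ip_network(n) for n in never_block]
    seen, accepted, rejected = set(), [], []
    for raw in candidates:
        try:
            ip = ipaddress.IPv4Address(raw.strip())
        except ValueError:
            rejected.append(raw)   # not a bare address: may carry extra CLI text
            continue
        if any(ip in net for net in protected):
            rejected.append(raw)   # never lock out your own or partner ranges
        elif ip not in seen:
            seen.add(ip)
            accepted.append(str(ip))
    return accepted, rejected


def generate_script(ips, password, first_id=1):
    """Build the CLI script from the post, one list item per [enter]-terminated line."""
    lines = ["en", password, "conf t"]
    for i, ip in enumerate(ips):
        an = f"blk{first_id + i:05d}"   # hypothetical naming scheme for [an]
        lines += [t.format(an=an, ip=ip) for t in ACL_TEMPLATE]
        if (i + 1) % SAVE_EVERY == 0:
            lines += ["end", SAVE_CMD, "conf t"]   # leave config mode to save
    return lines + ["end", "exit"]       # assumption: "exit" logs the session out


if __name__ == "__main__":
    # Constructed sample feed: a duplicate, an injection attempt, a protected address.
    feed = ["203.0.113.7", " 203.0.113.7\n", "192.0.2.1",
            "198.51.100.9 any\naccess-list x permit ip any any"]
    ok, bad = clean_ips(feed, never_block=["192.0.2.0/24"])
    print("rejected:", bad)
    print("\n".join(generate_script(ok, "<enable-password>")))
```

Review the rejected list rather than discarding it: entries that fail validation indicate a problem in whatever feeds the blocklist.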