Our site is experiencing a denial of service attack, spam, or getting hacked. How to block IP addresses at the Apache HTTP Server (AEM Dispatcher) level?
Most Web Application Firewalls (WAF), such as mod security, can block lists of IP addresses. However, if you are running Apache HTTP Server and would like to block IP’s immediately follow these steps(Not Applicable on AEM as a Cloud Service):
block-offending-ips.confon your server
A. If the request is proxied (via CDN, Load Balancer, etc) and the remote user’s IP is only in a Header such as
X-Forwarded-For then this configuration can be used. Note that this configuration doesn’t apply if the
remoteip_module is configured.
LocationMatch "/.*" Order Allow,DenyAllow from allSetEnvif X-Forwarded-For "10\.42\.137\.123" DenyAccessSetEnvif X-Forwarded-For "122\.6\.218\.101" DenyAccess#Repeat the "SetEnvlf X-Forwarded-For ..." for each IP you want to blockDeny from env=DenyAccess /LocationMatch
B. Alternatively, if the remote user is directly accessing Apache or you are using
remoteip_module (see 1) to extract and set it within Apache then you can use
mod_authz_core’s Require feature directly (Apache 2.4).
LocationMatch "/.*" RequireAllRequire all grantedRequire not ip 10.42.137.123Require not ip 126.96.36.199#Repeat the "Require not ip ..." for each IP you want to block /RequireAll /LocationMatch
Drop the file
/etc/conf.d folder of the Apache Web server.
Restart the Apache HTTP Server.