Hi there everyone, I've got a couple forums getting hammered for weeks by a couple IP ranges that I'd like to block but am not sure how. I looked at the firewall portion of the panel but that looks to be just for opening and closing ports, perhaps. Specifically 47.82.*.* and 47.79.*.*. Thanks for your time!
That would work, until a reboot. If you install iptables-persistent you could save the iptables before a reboot, and they'll get reloaded on startup. I'm not sure how that works with temporary rules created and deleted by fail2ban; it may end up permanently banning IPs that should only be temporarily banned. Maybe you can create a new jail for fail2ban that loads and bans a blacklist file on startup like this: https://n8wood.wordpress.com/2009/06/22/fail2ban-permanent-ssh-bans/
So it's HTTP, right? If you're on Apache you can block them in this way in htaccess:
Deny from 192.168.1.1
If you're on nginx you can block them in this way in your nginx.conf:
deny 192.168.1.1;
That will still cost way more resources, as the webserver will then have to handle the connection. The earlier the unwanted traffic can be blocked the better.
In my opinion, for isolated incidents like a few users spamming forum posts (rather than a coordinated attack), a web server-level block can be a sufficient and immediate solution. However, should the unwanted traffic increase in intensity, migrating to a firewall-level block becomes the recommended approach for superior resource efficiency, scalability, and security.
You can add your rule also in Code: /etc/ufw/before.rules Then the rule will remain even after a reboot.
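Added example, not written by any poster in this thread: a POSIX shell script that converts the wildcard ranges from the question into CIDR blocks and prints the matching block rule for each layer mentioned above (iptables, ufw, /etc/ufw/before.rules, nginx, Apache). The function names and the layer keywords are made up for illustration, and the script only prints text; it does not change any firewall or web server configuration.

```shell
#!/bin/sh
# Added example: print block rules for the ranges asked about in the thread.
# Nothing is applied; review the output, then paste it where it belongs.

# wildcard_to_cidr "47.82.*.*" prints "47.82.0.0/16". Wildcards are accepted
# only as trailing octets, because "47.*.1.*" is not a single CIDR block.
wildcard_to_cidr() (
    case $1 in ""|*[!0-9.*]*|*.) exit 1 ;; esac
    IFS=.; set -f                    # split on dots, keep "*" literal
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    prefix=0 seen_star=0 out=
    for o in "$@"; do
        case $o in
            "*") seen_star=1; o=0 ;;
            ""|*[!0-9]*|????*) exit 1 ;;
            *) [ "$seen_star" -eq 0 ] && [ "$o" -le 255 ] || exit 1
               prefix=$((prefix + 8)) ;;
        esac
        out="${out:+$out.}$o"
    done
    [ "$prefix" -gt 0 ] || exit 1    # refuse "*.*.*.*": it would block everyone
    echo "$out/$prefix"
)

# block_rules LAYER RANGE...  prints one rule per valid range.
block_rules() {
    layer=$1; shift
    for range in "$@"; do
        cidr=$(wildcard_to_cidr "$range") ||
            { echo "skipping invalid range: $range" >&2; continue; }
        case $layer in
            # run as root; persist with iptables-persistent (netfilter-persistent save)
            iptables)  echo "iptables -I INPUT -s $cidr -j DROP" ;;
            # inserted first so it is evaluated before existing allow rules
            ufw)       echo "ufw insert 1 deny from $cidr" ;;
            # line for /etc/ufw/before.rules, above COMMIT in the *filter section
            ufw-rules) echo "-A ufw-before-input -s $cidr -j DROP" ;;
            nginx)     echo "deny $cidr;" ;;         # nginx.conf
            apache)    echo "Deny from $cidr" ;;     # .htaccess, syntax from the thread
            *) echo "unknown layer: $layer" >&2; return 1 ;;
        esac
    done
}

for l in iptables ufw ufw-rules nginx apache; do
    echo "# $l"
    block_rules "$l" '47.82.*.*' '47.79.*.*'
done
```

Check the printed CIDR blocks against your own access logs before applying them, since a /16 covers 65,536 addresses and will also drop any legitimate visitors in that range.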