I originally this posted at webmasters.stackexchange.com, but was told I'd get a better reception here.
For the last few days, I've been suffering from what appears to be a (presumably inadvertent) DDOS attack. I've been getting so many requests from an agent identifying as "Mozilla/4.0 (compatible; ICS)" that apache eats through all the available memory.
Consequently, I'd like to block all requests accompanied by this user agent, so I tried doing this in httpd.conf:
SetEnvIfNoCase User-Agent "Mozilla/4.0 (compatible; ICS)" bad_user
Deny from env=bad_user
But when I restart apache it complains about using deny here. Without having to wrap it in a location or directory block, which would mean I'd have to add a new block for each site, is there any way I can deny access to the whole server?
UPDATE: The error I get
- Restarting web server apache2
Syntax error on line 4 of /etc/apache2/httpd.conf: deny not allowed here [fail]
Looks like an old question now, but I wanted to do the same and found the answer from nerve above. It's not quite right as is - seems to me that it should be
<Location "/">, and theSetEnvIfneeds a regular expression so the parentheses need to be quoted.This worked for me to apply the access control across all vhosts:
Just include that before the vhost definitions.
mod_rewrite can be configured at the server level according to the docs:
Don't forget to escape the regex in the
RewriteCondProvided the syntax on the SetEnv lines is correct, you should be able to throw that in the conf like so:
Should allow that to operate across all the virtual hosts - just tested on 2.2.24, worked like a charm.