[Server-devel] Question on number of iptables rules

Anna aschoolf at gmail.com
Wed Feb 2 18:49:46 EST 2011


On Wed, Feb 2, 2011 at 9:24 AM, Martin Langhoff <martin.langhoff at gmail.com> wrote:

> On Tue, Feb 1, 2011 at 6:28 PM, Anna <aschoolf at gmail.com> wrote:
> > My test XS at home has a FQDN and is open to the outside.  Therefore this
> > is probably a pretty rare issue in XS land, but I thought I'd ask.
>
> In general, I'd keep it closed. It's not designed as a full internet
> server.
>
>
I do try to stay under the radar as much as possible.  I don't post the URL
anywhere.  I'm not even listed on the wiki as a Jabber server, relying on
word of mouth.  And what fun is having an XO chat server if other folks
can't join in?  Also, playing around with Moodle and Statusnet and stuff
like that is a lot more fun when there are other users.



> > Here's my question - is the XS networking going to get wonky with 894
> > extra iptables rules?
>
> Short answer - no.
>
>
Great!  I'm very glad to hear that.

I still had bots with empty user agent strings originating from the UK, US,
Italy, Spain, etc.  And I wanted to go ahead and block all bots who identify
themselves as such.

I put this in /var/www/html/.htaccess

SetEnvIf User-Agent ^-$ block=1
SetEnvIf User-Agent ^$ block=1
SetEnvIfNoCase User-Agent "(bot|spider|spyder|yahoo)" block=1
Order allow,deny
Allow from all
Deny from env=block

Now all blank user agent strings and even Googlebot get a 403.  (The User
Agent Switcher addon for Firefox is quite handy to test that with.)  I'll
probably have to add to the user agent list, but that should take care of
most of it for now.

Anna Schoolfield
Birmingham
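
An offline check of the .htaccess rules in the message above, added here as an example (not code from the original post or from the XS project). It parses the three SetEnvIf lines and evaluates them against constructed User-Agent strings; it assumes Python's re module is close enough to Apache's regex engine for these patterns and that a missing header is matched as an empty string.

```python
import re
import shlex

# The three SetEnvIf lines quoted in the message above.
HTACCESS = r'''
SetEnvIf User-Agent ^-$ block=1
SetEnvIf User-Agent ^$ block=1
SetEnvIfNoCase User-Agent "(bot|spider|spyder|yahoo)" block=1
'''

def parse_rules(text):
    """Parse SetEnvIf / SetEnvIfNoCase lines into (header, regex, env_name)."""
    rules = []
    for line in text.strip().splitlines():
        directive, header, pattern, assignment = shlex.split(line)
        flags = re.IGNORECASE if directive.lower() == "setenvifnocase" else 0
        rules.append((header.lower(), re.compile(pattern, flags),
                      assignment.split("=", 1)[0]))
    return rules

def status_for(user_agent, rules):
    """Apply 'Order allow,deny / Allow from all / Deny from env=block'."""
    # Assumption: a request with no User-Agent header is matched as "".
    value = user_agent or ""
    env = {name for header, rx, name in rules
           if header == "user-agent" and rx.search(value)}  # unanchored search
    return 403 if "block" in env else 200

# Constructed sample User-Agent values (None = header not sent).
SAMPLES = [
    None,
    "-",
    "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
    "Mozilla/5.0 (compatible; Yahoo! Slurp)",
    "Mozilla/5.0 (X11; Linux i686; rv:2.0) Gecko/20100101 Firefox/4.0",
    "Mozilla/5.0 (Linux; Android 9; CUBOT_X19)",  # not a crawler, contains "bot"
]

def check_samples():
    rules = parse_rules(HTACCESS)
    return [(ua, status_for(ua, rules)) for ua in SAMPLES]

if __name__ == "__main__":
    for ua, status in check_samples():
        print(status, repr(ua))
```

Because the third pattern is an unanchored, case-insensitive substring match, any User-Agent that merely contains "bot" is denied as well, which is worth checking before adding more words to the list.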