lighttpd with tcp-wrappers | hvkls.dyndns.org
Version: Sat, 18 Jul 2009 10:44:21 CEST
- Purpose
  TCP wrappers, better known by their frontends /etc/hosts.allow and /etc/hosts.deny, are not supported by the webserver lighttpd. Here's how to make Lighty source /etc/hosts.deny nonetheless, automatically.
- Layout of /etc/hosts.deny
  It must contain lines following this very scheme:

      ALL: <IP address>

  like

      ALL: 12.34.56.78

  Note the blank between the colon and the address.
- Setup of /etc/lighttpd/lighttpd.conf (Debian standard)

      include_shell "/usr/share/lighttpd/include-conf-enabled.pl"

  Alternatively, you could use

      include "/etc/lighttpd/conf-enabled/10-block.conf"
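- Setup of /usr/local/sbin/lighdeny (made executable with chmod 0755 /usr/local/sbin/lighdeny)

      #!/bin/sh
      # Regenerate the lighttpd block list whenever /etc/hosts.deny has changed.
      BLOCK_PATH="/etc/lighttpd/conf-enabled"
      BLOCK_FILE="10-block.conf"
      DENY_HOSTS="/etc/hosts.deny"
      # Create the include directory if it is missing
      [ ! -d "${BLOCK_PATH}" ] && /bin/mkdir -p "${BLOCK_PATH}"
      # First run: create an empty block file, then make hosts.deny newer than it
      [ ! -e "${BLOCK_PATH}/${BLOCK_FILE}" ] && /bin/touch "${BLOCK_PATH}/${BLOCK_FILE}" && /bin/sleep 1 && /bin/touch "${DENY_HOSTS}"
      # Nothing to do unless hosts.deny is newer than the block file
      [ "${DENY_HOSTS}" -nt "${BLOCK_PATH}/${BLOCK_FILE}" ] || exit 0
      # Turn every "ALL: <IP address>" line into a lighttpd deny rule, then reload
      /usr/bin/awk '/^ALL/ { print "$HTTP[\"remoteip\"] == \"" $2 "\" { url.access-deny = ( \"\" ) }" }' "${DENY_HOSTS}" > "${BLOCK_PATH}/${BLOCK_FILE}" && /etc/init.d/lighttpd force-reload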
- Setup of /etc/crontab (for automation)

      */1 * * * * root /usr/bin/nice -n 19 /usr/local/sbin/lighdeny >/dev/null 2>&1
- Scripts to add and remove hosts to and from the blocklist
- Note: no checks are performed.
- Setup of /usr/local/sbin/ipdeny (made executable with chmod 0755 /usr/local/sbin/ipdeny)

      #!/bin/sh
      [ "$1" = "" ] && echo "Usage: ipdeny address" && exit 0
      GO="yes"
      # Skip the address if it is already listed (grep prints the matching line)
      grep "$1" /etc/hosts.deny && GO="no"
      [ "${GO}" = "no" ] && exit 0
      # A trailing dot (12.34.56.) is turned into a wildcard (12.34.56.*)
      IP=$( echo "$1" | sed -e "s/\(.*\)\.$/\1.\*/" )
      # Append a DenyHosts-style comment line followed by the entry itself
      printf '# DenyHosts: %s | ALL: %s\nALL: %s\n' "$(date +'%a %b %e %H:%M:%S %Y')" "${IP}" "${IP}" >> /etc/hosts.deny

- Setup of /usr/local/sbin/ipallow (made executable with chmod 0755 /usr/local/sbin/ipallow)

      #!/bin/sh
      [ "$1" = "" ] && echo "Usage: ipallow address" && exit 0
      # Keep a copy, then rewrite hosts.deny without the "ALL: <address>" line
      cp /etc/hosts.deny /etc/hosts.deny.ORIG && grep -v -F -x "ALL: $1" /etc/hosts.deny.ORIG > /etc/hosts.deny && rm /etc/hosts.deny.ORIG
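
The awk one-liner in lighdeny copies whatever follows `ALL:` straight into the lighttpd configuration, and the scripts above perform no checks. The following is an added example, not part of the original page (the function names and the sample data are assumptions): it emits rules only for literal IPv4 addresses and replaces 10-block.conf through a temporary file.

```shell
#!/bin/sh
# Added example, not the page's script; function names and the sample
# hosts.deny content are constructed for illustration.

# Print one lighttpd rule per "ALL: <IPv4>" line of the file given as $1.
# Entries that are not a literal dotted-quad address are reported on stderr
# and skipped, so they never reach the lighttpd configuration.
gen_block_conf() {
    awk '
    function valid_ipv4(a,    n, o, i) {
        n = split(a, o, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if ((o[i] !~ /^[0-9][0-9]?[0-9]?$/) || (o[i] + 0 > 255)) return 0
        return 1
    }
    $1 == "ALL:" {
        if (NF == 2 && valid_ipv4($2))
            print "$HTTP[\"remoteip\"] == \"" $2 "\" { url.access-deny = ( \"\" ) }"
        else
            print "skipped entry: " $0 | "cat 1>&2"
    }' "$1"
}

# Build the rules in a temp file next to $2 and rename it over $2 only if
# the content changed. Returns 0 when $2 was updated (reload needed),
# 1 when nothing changed, 2 on error.
update_block_conf() {
    tmp=$(mktemp "$2.XXXXXX") || return 2
    gen_block_conf "$1" > "$tmp" || { rm -f "$tmp"; return 2; }
    if [ -e "$2" ] && cmp -s "$tmp" "$2"; then
        rm -f "$tmp"
        return 1
    fi
    chmod 0644 "$tmp" && mv -f "$tmp" "$2" || return 2
}

# Constructed sample: two valid entries and three that must be rejected.
sample_hosts_deny() {
    printf '%s\n' '# DenyHosts: Mon Jan  1 00:00:00 2024 | ALL: 12.34.56.78' \
        'ALL: 12.34.56.78' 'ALL: 12.34.56.*' 'ALL: 1.2.3.4"' \
        'ALL: 10.0.0.300' 'ALL: 192.0.2.7'
}

# Demo: prints two rules on stdout and three "skipped entry" lines on stderr.
sample_hosts_deny | gen_block_conf -
```

Because update_block_conf returns 0 only when the file changed, the force-reload can be made conditional on it; running `lighttpd -t -f /etc/lighttpd/lighttpd.conf` first catches a broken configuration before the reload.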