Monthly Archives: October 2013

Analyze IP addresses accessing your Apache server

The awk command below retrieves the first column of your apache log file which contains the IP address of the browser accessing your host (if you have a virtual host setup with the vhost_combined CustomLog you should retrieve column 2 instead).

After retrieving the column it is sorted and all unique values are determined and counted. After that the list of unique values and there count is sorted (reverse) to get the top list of IP’s.

awk '{ print $1}' $LOGFILE | sort | uniq -c | sort -nr > $DEST

1	awk '{ print $1}' $LOGFILE \| sort \| uniq -c \| sort -nr > $DEST

Output of this statement:

606 188.203.177.225
502 84.87.80.237
376 86.81.89.200
365 24.132.181.21
295 94.212.84.128
279 86.81.89.250
251 94.212.208.48
235 85.150.175.72
226 94.212.194.142

606 188.203.177.225

502 84.87.80.237

376 86.81.89.200

365 24.132.181.21

295 94.212.84.128

279 86.81.89.250

251 94.212.208.48

235 85.150.175.72

226 94.212.194.142

Apache deny and allow access from ipaddress

Leave a reply

With help of a .htaccess file we can deny or allow access from a specific ip address or range of ip addresses.

Deny access from all IP addresses in the range 192.168.2.*:

<Limit GET HEAD POST>
order allow,deny
allow from all
deny from 192.168.19.
</Limit>

order allow,deny

allow from all

deny from 192.168.19.

</Limit>

The line order allow,deny means that Apache should first evaluate the allow entries (which states that everyone is allowed access) and then the deny entries (which states that the range 192.168.19.* is denied access). Effectively this means that the range 192.168.19.* is denied access.

Order of evaluation is allow, deny; so this means:
allow access from all
deny access from 192.168.19.

Allow only access from the IP range 192.168.19.*:

<Limit GET HEAD POST>
order deny,allow
allow from 192.168.19.
deny from all
</Limit>

order deny,allow

allow from 192.168.19.

deny from all

</Limit>

Order of evaluation is deny, allow; so this means:
deny access from all
allow from 192.168.19.

Setup proxy ignore list on Ubuntu

Leave a reply

Follow these steps to change the proxy ignore list on your Ubuntu installation:

1. Install the dconf-editor:

sudo apt-get install dconf-tools

1	sudo apt-get install dconf-tools

2. Start the dconf-editor and navigate to System -> Proxy; add your hosts to ignore to the ignore-hosts value.

Logoff and logon for changes to take effect

Your can inspect your current settings with:

env | grep proxy

1	env \| grep proxy

apt-get through socks5 proxy

Leave a reply

Enable temporary proxy for apt-get by editing (create it if not exist /etc/apt/apt.conf and add the line (change username, password, host and port):

Acquire::http::Proxy "http://uname:upwd@yourhost:port/";

1	Acquire::http::Proxy "http://uname:upwd@yourhost:port/";

Install the tsocks application:

sudo apt-get install tsocks

1	sudo apt-get install tsocks

Remove the line added in the step before from from /etc/apt/apt.conf

Edit the /etc/socks.conf file and change the default server to the IP address of your socks server (a domain name does not work!); if applicable also change the port number for your socks connection.

Now to use this new socks proxy go ahead and execute:

sudo tsocks apt-get update

1	sudo tsocks apt-get update

Even though you have removed the proxy settings from the /etc/apt/apt.conf file this should still update your apt list.

bjdejong BLOG

About Linux / Ubuntu / CSS / HTML / C# / Security and everything else…….

Monthly Archives: October 2013

Analyze IP addresses accessing your Apache server

Apache deny and allow access from ipaddress

Setup proxy ignore list on Ubuntu

apt-get through socks5 proxy