How to Block Unwanted User-Agent with Apache

T

TheMask

Verified User
Joined
Jan 20, 2011
Messages
142
18.163.215.233 - - [24/Jan/2022:12:54:57 +0300] "POST /admin/ HTTP/1.1" 200 0 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "S-port: 39608"


I want to block entries like this. how can i do that

<Location ~ "/admin/">
Order allow,deny
Deny from all
ErrorDocument 403 "Sorry, you are not allowed to view this page!"
</Location>

this is not a good options. maybe "Ubuntu" or "Firefox/62.0" word good for blocking. bcause ubuntu and firefox/62 Words, same for all user-agents entries
 
Try the other way around.
deny,allow
deny from all

Try with a .htaccess file like this:
Code: 
<Directory "/admin">
 order deny,allow
 deny from all
</Directory>

Or do you want the deny in some custom vhost?
 
18.163.215.233 - - [24/Jan/2022:12:54:57 +0300] "POST /admin/ HTTP/1.1" 200 0 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "S-port: 39608"

this user-agent entry is botnet attack for opencart websites.

so i need server wide solution. and close /admin folder is not a good option.

Maybe it would be better to write a rule according to the words in the user-agent sentence. example: if the sentence contains the word ubuntu, the request will not work.
 
Last edited:
TheMask said:
Maybe it would be better to write a rule according to the words in the user-agent sentence. example: if the sentence contains the word ubuntu, the request will not work.
Click to expand...

Are these just your personal websites? If not, do you know for a fact that none of the webmasters on the server use Ubuntu on their machines? Otherwise, that's going to create a new problem.

There is a fix for this particular issue at https://www.opencart.com/index.php?route=marketplace/extension/info&extension_id=43261
 
We do not have a webmaster client using ubuntu. there is probably no one using ubuntu in the country.
 
You must log in or register to reply here.
Back
Top