Purpose of 408 Status Code
I am seeing almost 3000 entries in access_log of my VPS for 408 status code.
Here is an example.
86.220.66.228 - - [03/Apr/2016:08:39:12 -0400] "GET /?p=444 HTTP/1.1" 200 5748 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0"
86.220.66.228 - - [03/Apr/2016:08:40:09 -0400] "-" 408 0 "-" "-"
86.220.66.228 - - [03/Apr/2016:08:41:02 -0400] "-" 408 0 "-" "-"
86.220.66.228 - - [03/Apr/2016:08:41:55 -0400] "-" 408 0 "-" "-"
86.220.66.228 - - [03/Apr/2016:08:42:48 -0400] "-" 408 0 "-" "-"
86.220.66.228 - - [03/Apr/2016:08:43:41 -0400] "-" 408 0 "-" "-"
86.220.66.228 - - [03/Apr/2016:08:44:33 -0400] "-" 408 0 "-" "-"
86.220.66.228 - - [03/Apr/2016:08:45:25 -0400] "-" 408 0 "-" "-"
86.220.66.228 - - [03/Apr/2016:08:46:19 -0400] "-" 408 0 "-" "-"
86.220.66.228 - - [03/Apr/2016:08:47:13 -0400] "-" 408 0 "-" "-"
86.220.66.228 - - [03/Apr/2016:08:48:05 -0400] "-" 408 0 "-" "-"
86.220.66.228 - - [03/Apr/2016:08:48:59 -0400] "-" 408 0 "-" "-"
86.220.66.228 - - [03/Apr/2016:08:49:51 -0400] "-" 408 0 "-" "-"
86.220.66.228 - - [03/Apr/2016:08:50:44 -0400] "-" 408 0 "-" "-"
86.220.66.228 - - [03/Apr/2016:08:51:36 -0400] "-" 408 0 "-" "-"
86.220.66.228 - - [03/Apr/2016:08:52:27 -0400] "-" 408 0 "-" "-"
86.220.66.228 - - [03/Apr/2016:08:54:35 -0400] "-" 408 0 "-" "-"
86.220.66.228 - - [03/Apr/2016:08:55:26 -0400] "-" 408 0 "-" "-"
Most of the time, the IPs that cause the 408 error first connect to a page on my server successfully and then generate 408 codes at a specific interval, as seen in the log above.
And most of the IPs originate from a web server with strange domains:
nslookup 86.220.66.228
Non-authoritative answer:
228.66.220.86.in-addr.arpa name = ACaen-653-1-95-228.w86-220.abo.wanadoo.fr.
Those 3000 entries are generated by around 180 different IPs, mostly again by the servers, not normal user IPs.
Do you think this is done for malicious reasons or is there something misconfigured on my server?
More posts by @Holmes151
1 Comments
It has been a long time since I have posted blocking code. I have not updated my IP database in a fairly long time. I have somewhat shut down my abuse list after 8 years. But this should be close enough. It is certainly an example at least.
I recommend looking halfway down for the heading Block by IP Address Block.
The .htaccess code should work. I am relying on others' example code for the rest. I am sure they all work with the possible exception of blocking by IP address block using IIS. It may still work. I have not tested it. I am sure there is a far better way to write the IIS code. Sorry.
Of course you can just wildcard your block code using something like this:
RewriteCond %{REMOTE_ADDR} ^86\.220\..*$ [NC]
RewriteRule .* - [F,L]
Block by IP Address
Apache .htaccess File
RewriteCond %{REMOTE_ADDR} ^86\.220\.66\.228$ [NC]
RewriteRule .* - [F,L]
Cisco Firewall
access-list deny-86-220-66-228-32 deny ip host 86.220.66.228 any
permit ip any any
Nginx
Edit nginx.conf and insert include blockips.conf; if it does not exist. Edit blockips.conf and add the following:
deny 86.220.66.228;
Microsoft IIS Web Server
<rule name="abort ip address 86.220.66.228/32" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{REMOTE_ADDR}" pattern="^86\.220\.66\.228$" />
</conditions>
<action type="AbortRequest" />
</rule>
Windows netsh ADVFirewall Firewall
netsh advfirewall firewall add rule name="block-ip-86-220-66-228-32" dir=in interfacetype=any action=block remoteip=86.220.66.228/32
IP Address Range:
86.207.0.0 - 86.221.255.255
NetMask:
Block: 86.207.0.0/16
Base Address: 86.207.0.0
Broadcast Address: 86.207.255.255
Net Mask: 255.255.0.0
Host Mask: 0.0.255.255
Bits: 16
Size: 65536
2nd Element: 86.207.0.2
Block: 86.208.0.0/13
Base Address: 86.208.0.0
Broadcast Address: 86.215.255.255
Net Mask: 255.248.0.0
Host Mask: 0.7.255.255
Bits: 13
Size: 524288
2nd Element: 86.208.0.2
Block: 86.216.0.0/14
Base Address: 86.216.0.0
Broadcast Address: 86.219.255.255
Net Mask: 255.252.0.0
Host Mask: 0.3.255.255
Bits: 14
Size: 262144
2nd Element: 86.216.0.2
Block: 86.220.0.0/15
Base Address: 86.220.0.0
Broadcast Address: 86.221.255.255
Net Mask: 255.254.0.0
Host Mask: 0.1.255.255
Bits: 15
Size: 131072
2nd Element: 86.220.0.2
Block by IP Address Block
Apache .htaccess File
RewriteCond %{REMOTE_ADDR} ^86\.(20[7-9]|21[0-9]|22[01])\.[0-9]{1,3}\.[0-9]{1,3}$ [NC]
RewriteRule .* - [F,L]
Cisco Firewall
access-list deny-86-207-0-0-16 deny ip 86.207.0.0 0.0.255.255 any
access-list deny-86-208-0-0-13 deny ip 86.208.0.0 0.7.255.255 any
access-list deny-86-216-0-0-14 deny ip 86.216.0.0 0.3.255.255 any
access-list deny-86-220-0-0-15 deny ip 86.220.0.0 0.1.255.255 any
permit ip any any
Nginx
Edit nginx.conf and insert include blockips.conf; if it does not exist. Edit blockips.conf and add the following:
deny 86.207.0.0/16;
deny 86.208.0.0/13;
deny 86.216.0.0/14;
deny 86.220.0.0/15;
How to block by IP address block using Linux IPTables Firewall.
Note: Use with caution.
/sbin/iptables -A INPUT -s 86.207.0.0/16 -j DROP
/sbin/iptables -A INPUT -s 86.208.0.0/13 -j DROP
/sbin/iptables -A INPUT -s 86.216.0.0/14 -j DROP
/sbin/iptables -A INPUT -s 86.220.0.0/15 -j DROP
Microsoft IIS Web Server
<rule name="abort ip address block 86.207.0.0/16" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{REMOTE_ADDR}" pattern="^86\.207\..*$" />
</conditions>
<action type="AbortRequest" />
</rule>
<rule name="abort ip address block 86.208.0.0/13" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{REMOTE_ADDR}" pattern="^86\.2(0[89]|1[0-5])\..*$" />
</conditions>
<action type="AbortRequest" />
</rule>
<rule name="abort ip address block 86.216.0.0/14" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{REMOTE_ADDR}" pattern="^86\.21[6-9]\..*$" />
</conditions>
<action type="AbortRequest" />
</rule>
<rule name="abort ip address block 86.220.0.0/15" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{REMOTE_ADDR}" pattern="^86\.22[01]\..*$" />
</conditions>
<action type="AbortRequest" />
</rule>
Windows netsh ADVFirewall Firewall
netsh advfirewall firewall add rule name="block-ip-block-86-207-0-0-16" dir=in interfacetype=any action=block remoteip=86.207.0.0/16
netsh advfirewall firewall add rule name="block-ip-block-86-208-0-0-13" dir=in interfacetype=any action=block remoteip=86.208.0.0/13
netsh advfirewall firewall add rule name="block-ip-block-86-216-0-0-14" dir=in interfacetype=any action=block remoteip=86.216.0.0/14
netsh advfirewall firewall add rule name="block-ip-block-86-220-0-0-15" dir=in interfacetype=any action=block remoteip=86.220.0.0/15
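The CIDR blocks and host masks listed in the answer can be derived and checked rather than typed by hand. The following is an added example, not the answerer's code, using Python's standard `ipaddress` module: it splits the range 86.207.0.0 - 86.221.255.255 into blocks, renders the nginx and iptables lines plus the address and host-mask pair for each block, and tests whether a given address falls inside the block list. The function names are illustrative.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Smallest list of CIDR blocks that covers first..last exactly."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))

def render_rules(blocks):
    """Render each block in the forms used in the answer above."""
    rules = {"nginx": [], "iptables": [], "wildcard": []}
    for net in blocks:
        rules["nginx"].append(f"deny {net};")
        rules["iptables"].append(f"/sbin/iptables -A INPUT -s {net} -j DROP")
        # base address followed by host (wildcard) mask
        rules["wildcard"].append(f"{net.network_address} {net.hostmask}")
    return rules

def covered(ip, blocks):
    """True if ip falls inside any block; use it to test a rule set
    against known-good addresses before deploying it."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in blocks)

if __name__ == "__main__":
    blocks = range_to_cidrs("86.207.0.0", "86.221.255.255")
    for kind, lines in render_rules(blocks).items():
        print(kind)
        for line in lines:
            print("  " + line)
    # Address from the log is inside; neighbours just outside the range are not.
    for ip in ("86.220.66.228", "86.206.255.255", "86.222.0.0"):
        print(ip, covered(ip, blocks))
```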