I would like to be able to deny specific IPs from ever hitting my Apache web
server. I can Deny them via the httpd.conf file, but that only stops them
from getting my pages, they still know the server exists.

I tried via the IP Security Policies in MMC but my test computer still
showed up in the Apache log. Since I have port 80 forwarded through my SOHO
router to my WebServer, is it possible to actually deny a specifi IP from
seeing open port?

Any suggestions of a non overly intrusive software firewall, or a built in
ACL, or filter would be greatly appriciated.

Ipsec should work if configured correctly and will block the IP at the
network layer before the application ever sees it. The link below may help
with ipsec filtering policy configuration. Your SOHO router may or may not
be able to do what you want depending on it's capabilities. "Real" firewalls
would allow you to add a firewall rule that blocks access from a specific IP
and the ordering of firewall rules is important to make sure the more
specific rules are processed before the general rules. Ipsec rules are not
dependant on the order they are listed but instead are assigned a weight
with more specific rules taking precedence over general rules. Let me know
if you still have problems with ipsec. --- Steve

http://www.securityfocus.com/infocus/1559

"Yogi_Bear_79" <nospam@spamsux.com> wrote in message
news:lKmdnescWvm_rQveRVn-rw@comcast.com...
>I would like to be able to deny specific IPs from ever hitting my Apache
>web server. I can Deny them via the httpd.conf file, but that only stops
>them from getting my pages, they still know the server exists.
>
> I tried via the IP Security Policies in MMC but my test computer still
> showed up in the Apache log. Since I have port 80 forwarded through my
> SOHO router to my WebServer, is it possible to actually deny a specifi IP
> from seeing open port?
>
> Any suggestions of a non overly intrusive software firewall, or a built in
> ACL, or filter would be greatly appriciated.
>

Steve,

While I am reading the page you sent me, I wanted to let you know that
my SOHO is a Linksys BEFCMU10. It appears the the FIREWALL portion is only
for outbound..Seems odd that it wouldn't filter inbound



"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:WpSdnUt1s9kfqgvenZ2dnUVZ_sqdnZ2d@comcast.com. ..
> Ipsec should work if configured correctly and will block the IP at the
> network layer before the application ever sees it. The link below may help
> with ipsec filtering policy configuration. Your SOHO router may or may not
> be able to do what you want depending on it's capabilities. "Real"
> firewalls would allow you to add a firewall rule that blocks access from a
> specific IP and the ordering of firewall rules is important to make sure
> the more specific rules are processed before the general rules. Ipsec
> rules are not dependant on the order they are listed but instead are
> assigned a weight with more specific rules taking precedence over general
> rules. Let me know if you still have problems with ipsec. --- Steve
>
> http://www.securityfocus.com/infocus/1559
>
> "Yogi_Bear_79" <nospam@spamsux.com> wrote in message
> news:lKmdnescWvm_rQveRVn-rw@comcast.com...
>>I would like to be able to deny specific IPs from ever hitting my Apache
>>web server. I can Deny them via the httpd.conf file, but that only stops
>>them from getting my pages, they still know the server exists.
>>
>> I tried via the IP Security Policies in MMC but my test computer still
>> showed up in the Apache log. Since I have port 80 forwarded through my
>> SOHO router to my WebServer, is it possible to actually deny a specifi IP
>> from seeing open port?
>>
>> Any suggestions of a non overly intrusive software firewall, or a built
>> in ACL, or filter would be greatly appriciated.
>>
>
>

"Yogi_Bear_79" <nospam@spamsux.com> wrote in message
news:lKmdnescWvm_rQveRVn-rw@comcast.com...
> I would like to be able to deny specific IPs from ever hitting my
Apache web
> server. I can Deny them via the httpd.conf file, but that only stops
them
> from getting my pages, they still know the server exists.
>
> I tried via the IP Security Policies in MMC but my test computer still
> showed up in the Apache log. Since I have port 80 forwarded through
my SOHO
> router to my WebServer, is it possible to actually deny a specifi IP
from
> seeing open port?
>
> Any suggestions of a non overly intrusive software firewall, or a
built in
> ACL, or filter would be greatly appriciated.
>

Trying to keep your ISP from discovering you have a web server ?

I know Comcast in the past has often probed looking for that sort
of stuff.