Any way to import a list of IPv4 addresses to be blocked?

One of my sites has been the target of a particularly lame DDoS since about 05:00 GMT today, in which the same request for the same page is coming in repeatedly from about 2700 different IPv4 addresses. The Apache2 log is abut 300MB of this garbage in the last ten hours.

I tried running grep to get every request matching the pattern, cut to keep the first 32 characters, then sort -u to remove the duplicates. That gives me a list of all the IP addresses spewing this garbage. I now want to block them all, as this is a site which I’m running out of my own pocket with no ads and no donations on bandwidth which costs me actual money.

I could go to Firewall → Tools → Access rules and bozo-bin every one of these individually, but there has to be a quicker way to just dump the entire 2700-address list and block them all at once. How?

1 Like

Would be much more efficient if we could just import the csv directly into an IP Access rule instead of resorting to a Firewall rule (which may or may not be available).

IP Access Rules are very old and I doubt anybody is maintaining it. It works as-is. They’re also one-liners and you’d have to add addresses and ranges one at a time.

Or…loop through the list using the API, though IP Access Rules might max out at 1000.

Maybe not much help, but are any of them on the same network where you can block the entire network? I have faced this many times over the years and I found the post below extremely useful. Note: you can also add the ASN for Google and block some of their cloud without blocking the Googlebot. Another note: I had initially put in the wrong post below. Below is now the correct post that I was referring to:

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.