One of my sites has been the target of a particularly lame DDoS since about 05:00 GMT today, in which the same request for the same page is coming in repeatedly from about 2700 different IPv4 addresses. The Apache2 log is about 300MB of this garbage in the last ten hours.
I tried running grep to get every request matching the pattern, cut to keep the first 32 characters, then sort -u to remove the duplicates. That gives me a list of all the IP addresses spewing this garbage. I now want to block them all, as this is a site which I’m running out of my own pocket with no ads and no donations on bandwidth which costs me actual money.
I could go to Firewall → Tools → Access rules and bozo-bin every one of these individually, but there has to be a quicker way to just dump the entire 2700-address list and block them all at once. How?
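As an added example (not from either poster): the extraction described in the question, done on the first log field rather than a fixed character width, then collapsed so that a /24 with several participating addresses becomes one entry. The log lines, the `/target-page` path and the threshold of 3 are constructed placeholders.

```shell
#!/bin/sh
# Constructed sample in Apache combined log format. Addresses are RFC 5737
# documentation ranges; "/target-page" is a placeholder path.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [01/Jan/2024:05:00:01 +0000] "GET /target-page HTTP/1.1" 200 512 "-" "-"
192.0.2.10 - - [01/Jan/2024:05:00:02 +0000] "GET /target-page HTTP/1.1" 200 512 "-" "-"
192.0.2.44 - - [01/Jan/2024:05:00:02 +0000] "GET /target-page HTTP/1.1" 200 512 "-" "-"
192.0.2.200 - - [01/Jan/2024:05:00:03 +0000] "GET /target-page HTTP/1.1" 200 512 "-" "-"
198.51.100.7 - - [01/Jan/2024:05:00:03 +0000] "GET /target-page HTTP/1.1" 200 512 "-" "-"
203.0.113.5 - - [01/Jan/2024:05:00:04 +0000] "GET /index.html HTTP/1.1" 200 9000 "-" "-"
203.0.113.9 - - [01/Jan/2024:05:00:05 +0000] "GET /target-page HTTP/1.1" 200 512 "-" "-"
EOF
}

# Unique IPv4 clients that sent exactly the given request line.
# Splitting on '"' makes field 2 the request line; the client address is the
# first space-delimited token of field 1.
attack_ips() {   # $1 = request line, log on stdin
  awk -F'"' -v req="$1" '
    $2 == req { split($1, a, " ")
                if (a[1] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) print a[1] }' |
  LC_ALL=C sort -u
}

# One entry per line: the /24 when at least $1 distinct addresses inside it
# took part, otherwise the individual addresses.
blocklist() {    # $1 = threshold, unique IPv4 addresses on stdin
  awk -F. -v min="$1" '
    { net = $1 "." $2 "." $3; n[net]++; ips[net] = ips[net] $0 "\n" }
    END {
      for (net in n) {
        if (n[net] >= min) { print net ".0/24" } else { printf "%s", ips[net] }
      }
    }' |
  LC_ALL=C sort
}

# Demo on the constructed sample; a real run would read the Apache log instead.
sample_log | attack_ips "GET /target-page HTTP/1.1" | blocklist 3
```

Blocking a whole /24 also blocks any uninvolved clients in that range, so the threshold is a judgment call; the output is a plain list for whatever bulk import the firewall accepts.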
Maybe not much help, but are any of them on the same network where you can block the entire network? I have faced this many times over the years and I found the post below extremely useful. Note: you can also add the ASN for Google and block some of their cloud without blocking the Googlebot. Another note: I had initially put in the wrong post below. Below is now the correct post that I was referring to: