How to block specific IPs in apache?

I have a Java-based application running in Tomcat. It is an online app; the request first goes to Apache and is then redirected to Tomcat.

Today I was not able to log into my application, and I noticed warnings in the catalina.out file. They said "An attempt was made to authenticate the locked user "root"" and "An attempt was made to authenticate the locked user "manager"".

In my localhost_access_log.2015-07-07.txt I found the below IP addresses trying to access the system.

83.110.99.198
117.21.173.36

I need to block these 2 IPs from accessing my system. The first IP is a well-known blacklisted one according to the anti-hacker-alliance. How can I do this?

FYI, I am using Apache 2, so the main configuration file is apache2.conf.

(Please don't remove the IP addresses I listed above, as I need other developers to be aware of the threat as well.)

If you're using VPC:

The best way to block traffic from particular IPs to your resources is using NACLs (Network Access Control Lists).

Do a DENY for All protocols INGRESS for these IPs. This is better than doing it on the server itself as it means traffic from these IPs will never even get as far as your instances. They will be blocked by your VPC.

NACLs are on the subnet level, so you'll need to identify the subnet your instance is in and then find the correct NACL. You can do all of this using the VPC Dashboard on the AWS console.

This section of the documentation will help you: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html

Note that you will need to give the 2 rules that block these 2 IPs rule numbers that are less than the default rule number (100). Use 50 and 51, for example.

You can use an .htaccess file:

Order Deny,Allow
Deny from 83.110.99.198
Deny from 117.21.173.36

It's probably better to add this as a firewall rule though. Are you using any firewall service now?
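An added example, not part of the question or either answer: it counts HTTP 401 responses per client in a Tomcat access log and prints deny rules for repeat offenders, in the Apache 2.2 syntax shown above and in the Apache 2.4 `Require not ip` form. The log lines are constructed, and the log pattern (Tomcat's default "common" format) and the threshold of 3 are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in Tomcat's default "common" access-log pattern
# (%h %l %u %t "%r" %s %b); not taken from the original post's log.
SAMPLE_LOG = """\
83.110.99.198 - - [07/Jul/2015:03:10:01 +0000] "GET /manager/html HTTP/1.1" 401 2474
83.110.99.198 - - [07/Jul/2015:03:10:02 +0000] "GET /manager/html HTTP/1.1" 401 2474
83.110.99.198 - - [07/Jul/2015:03:10:03 +0000] "GET /manager/html HTTP/1.1" 401 2474
117.21.173.36 - - [07/Jul/2015:03:11:10 +0000] "GET /manager/html HTTP/1.1" 401 2474
117.21.173.36 - - [07/Jul/2015:03:11:11 +0000] "GET /manager/html HTTP/1.1" 401 2474
117.21.173.36 - - [07/Jul/2015:03:11:12 +0000] "GET /manager/html HTTP/1.1" 401 2474
192.0.2.10 - alice [07/Jul/2015:09:00:00 +0000] "GET /app/home HTTP/1.1" 200 5120
192.0.2.10 - - [07/Jul/2015:09:00:05 +0000] "GET /manager/html HTTP/1.1" 401 2474
not-a-log-line
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) \S+$')

def failed_auth_sources(log_text, threshold=3):
    """Return sorted client IPs with at least `threshold` HTTP 401 responses."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(2) != "401":
            continue
        try:
            # Only accept real IP literals so nothing else reaches the config.
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue
        counts[str(ip)] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def deny_rules_22(ips):
    """Apache 2.2 / mod_access_compat syntax, as used in the answer above."""
    return "\n".join(["Order Deny,Allow"] + [f"Deny from {ip}" for ip in ips])

def deny_rules_24(ips):
    """Apache 2.4 mod_authz_core equivalent."""
    body = ["    Require all granted"] + [f"    Require not ip {ip}" for ip in ips]
    return "\n".join(["<RequireAll>"] + body + ["</RequireAll>"])

if __name__ == "__main__":
    offenders = failed_auth_sources(SAMPLE_LOG)
    print(deny_rules_22(offenders))
    print(deny_rules_24(offenders))
```

Review the generated list before applying it: a single legitimate user who mistypes a password stays below the threshold here, but a shared NAT address may not.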
