What is best way to block IP making requests to specific URL?

in

inspiredearth Aug. 6, 2022, 9:23 p.m. #1

HI folks,
I am diving into setting up firewall security on a server I’ve got CyberPanel installed on.

Basically, I want to detect when attempts are made to access a specific URL (which actually doesn’t exist, hence I know it’s a bot / hack attempt), and then ban the IP making the attempted request.

I have installed CSF and ModSecurity.

I’d like to block the IP making requests to cpanel.thedomain.com, and to do it before LiteSpeed has to deal with the request, to eliminate the server load hundreds of requests to that domain is having.

ke

kevin Aug. 7, 2022, 10:23 p.m. #2

You can do it on your gateways firewall or with CSF. since you already installed CSF check the firewall tab and you will find what you ae looking for.

in

inspiredearth Aug. 7, 2022, 10:37 p.m. #3

Thanks @theshadowfang,
I wasn’t clear enough in my original question. What I’d like to do is first detect what IP is trying to request a specific domain, and then automatically block that particular IP (since it changes a lot).

Whilst I am still interested in how to go about doing that (as part of me improving my firewall skills … for this particular issue I’ve since realised I can simply have the domain owner remove the old sub-domain entries in their DNS records. That was the requests won’t make it past the DNS lookup. I should have thought of that before.

sh

shoaibkk Aug. 9, 2022, 11:57 a.m. #4

block ip from the litespeed webserver dashboard