Blocking a large number of offensive hosts is possible by editing .htaccess, BUT this forces a restart each time a change is made and takes CPU from Apache.
A better and more scalable method is the use of a DNS blocklist.
I have been running libapache2-mod-defensible_1.4-3.2_amd64.deb
for several years with good effects. All that is needed to adjust the list of blocked IPs is to add to the
zonefile and "rndc reload" the primary DNS server. All features of DNS are available, including
replication via slave servers and caching in local resolving servers.
The above "mod-defensible" is not ported to FreeBSD ports. I am not sure I can do it, but
a skilled maintainer could probably do this quite easily.
Any takers? I have at least one server running Apache 2.4 to test/verify on.
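
The zonefile entries and lookup names behind such a DNS blocklist, as an added example that is not part of the original post and is not mod-defensible's own code. It assumes the common DNSBL convention (RFC 5782) of reversed-address names answered with a 127.0.0.x A record; the zone name `bl.example.org`, the sample addresses and the injected `resolve` callable are assumptions.

```python
"""Build DNSBL zonefile lines and lookup names (RFC 5782 conventions)."""
import ipaddress

ZONE = "bl.example.org"   # assumed blocklist zone name (placeholder)
LISTED = "127.0.0.2"      # conventional "listed" answer used by DNSBLs
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_label(ip):
    """Return the reversed-address owner name, relative to the zone.

    IPv4: octets reversed (192.0.2.10 -> 10.2.0.192).
    IPv6: all 32 hex nibbles reversed, one label per nibble.
    """
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split(".")))
    return ".".join(reversed(addr.exploded.replace(":", "")))


def zone_records(ips, reason="blocked"):
    """Return zonefile lines (A + TXT) for each address, deduplicated.

    Append them to the zonefile, bump the SOA serial so secondaries
    pick up the change, then run "rndc reload" on the primary.
    """
    addrs = sorted({ipaddress.ip_address(ip) for ip in ips},
                   key=lambda a: (a.version, int(a)))
    lines = []
    for addr in addrs:
        label = dnsbl_label(str(addr))
        lines.append(f"{label}\tIN A\t{LISTED}")
        lines.append(f'{label}\tIN TXT\t"{reason}: {addr}"')
    return lines


def is_listed(ip, resolve, zone=ZONE):
    """True only if the zone answers with an A record inside 127.0.0.0/8.

    resolve(name) is injected and returns a list of A-record strings,
    or [] for NXDOMAIN. Answers outside 127/8 (for example a wildcard
    or parked zone) are not treated as a listing.
    """
    answers = resolve(f"{dnsbl_label(ip)}.{zone}")
    return any(ipaddress.ip_address(a) in LOOPBACK for a in answers)


if __name__ == "__main__":
    sample = ["192.0.2.10", "198.51.100.7", "2001:db8::1"]  # constructed
    print("\n".join(zone_records(sample)))
```
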