Raphael Mankin wrote:
> As has been mentioned, ErrorDocument does part of what you want. The problem is that in order to run ipchains/iptables you have to be root - Apache does not run as root. You therefore need a suid script to do the job, and suid scripts always make me a bit twitchy.
How about sudo? Is that more secure?
If someone does manage to hack in to be the apache user, all they'll be able to do is add addresses to the firewall block list. I'd expect that at some point they'd make a mistake and block out their own IP ;-)
Neil (writing this on ps2linux acting as X display for mozilla running on linux server. Cool :-)
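
Added example, not part of the original messages: a sketch of the sudo approach discussed above, where the web server user may run exactly one root-owned wrapper that validates its argument and refuses protected addresses. The install path, the "apache" user name, the sudoers line, the iptables path and the protected address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical install path (root-owned,
# mode 0755): /usr/local/sbin/block-ip. Hypothetical sudoers line, assuming the
# web server runs as user "apache" (edit with visudo):
#   apache ALL=(root) NOPASSWD: /usr/local/sbin/block-ip
# sudo hands the caller's arguments to the script unchanged, so the script must
# reject anything that is not exactly one dotted-quad IPv4 address.

# Constructed example value: addresses that must never be blocked.
PROTECTED="192.0.2.10"

is_valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # only digits and single dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

is_protected() {
    case "$1" in 127.*) return 0 ;; esac       # never block loopback
    for addr in $PROTECTED; do
        if [ "$1" = "$addr" ]; then return 0; fi
    done
    return 1
}

block_ip() {
    if ! is_valid_ipv4 "$1"; then echo "rejected: not an IPv4 address" >&2; return 2; fi
    if is_protected "$1"; then echo "rejected: protected address" >&2; return 3; fi
    # echo keeps the example side-effect free; remove it to apply the rule.
    # The iptables path is an assumption; use the absolute path on your system.
    echo /sbin/iptables -I INPUT -s "$1" -j DROP
}

case "$#" in
    0) ;;                                      # no argument: define functions only
    1) block_ip "$1" ;;
    *) echo "usage: block-ip ADDRESS" >&2; exit 64 ;;
esac
```

Because the sudoers rule names only the wrapper, the web server user never gets to choose the iptables options; the wrapper fixes the chain, the match and the target itself.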