Best program for filtering access to website by IP address

[questorfla]

Looking for opinions on which application is best at keeping the traffic down somewhat.  MBAM has begun reminding me that there are bad placs out there.  Tghis is a small website that is only up for the people who work here to use.  If i blocked every IP not in the USA it would nto hurt anything.  May not help in the event anyone was intent on access anyway but beter to put my finger in the dike if it slows down the water even a little.   

We used to have a program called IP Block that we ran back when we hosted our on email server  but not sure it it would be appropriate for an apache web-server.

Thanks

[4wd]

You probably could use a GeoIP module for Apache and then grab the free MaxMind GeoLite Country database, or you can get a more accurate version of the database for $50, GeoIP2 Country.

As for a GeoIP module for Apache, (on Windows I'm guessing), I think I'll leave that bit to someone with more brain cells than me 

[Stoic Joker]

That seems like kind of an odd thing to need for a web server ... How much unwanted traffic are you getting??

Chances are if it's that high, there is a reason for it that needs to be solved...not filtered.

[questorfla]

Not sure how good it is yet, but will know soon.
The product fits the bill to a "T" and if it works they will be selling one to me for sure.
It is exactly the tool needed.
IF  it works
BeeThink  IP Blocker.

[questorfla]

That seems like kind of an odd thing to need for a web server ... How much unwanted traffic are you getting??

Chances are if it's that high, there is a reason for it that needs to be solved...not filtered.

-Stoic Joker (February 26, 2015, 06:15 PM)

not so much but it is annoying to see malwarebytes blocking a single ip as Malicious when it hits the sites over and over.
there are 100 sites total on one server

[Stoic Joker]

Um...

Tghis is a small website that is only up for the people who work here to use.

-questorfla (February 26, 2015, 02:30 PM)

So now we go from singular...

That seems like kind of an odd thing to need for a web server ... How much unwanted traffic are you getting??

Chances are if it's that high, there is a reason for it that needs to be solved...not filtered.

-Stoic Joker (February 26, 2015, 06:15 PM)

not so much but it is annoying to see malwarebytes blocking a single ip as Malicious when it hits the sites over and over.
there are 100 sites total on one server

-questorfla (February 27, 2015, 10:31 PM)

...To incredibly not singular.

Which compels me to re-stress the initial question ... What problem are we trying to solve??

I can't fathom that you have 100 sites for employee use only. So I'm guessing that you have a single site on a shared host for the staff to use. And under the as described circumstances...that's very (very...) bad...for your companies domain name.

Here's why: Some Email black lists - most actually - work off the IP address given in the MX records only. However others - and by that I mean just enough to really screw you royally - work off of the IP address of the root domain name. So, if MBAM - a strictly client side filter - is flagging your employee site domain name, then Your Mail Server IS Black Listed by those filters that block based on the reputation of the root domain name.

I'm currently going through this with one of our clients. Their Email - which is hosted by MS Exchange Online (e.g. Microsoft itself) - has a completely flawless reputation. Yet they consistently get blacklist rejections from certain domains that use the root domain based filtering, because their website is currently hosted on a shared host that has a hacked website that got the IP address they are all behind blacklisted. You don't need an IP filter...you need a new host.

[questorfla]

I'm sorry I guess i am not being clear on this yet.
The websites are more like Private FTP sites.  They are each reached by a different name in the web-link.  Going to the main IP gets you nowhere as it is blocked.  You have to enbter the sdite through a specifric ip/site name/sub-site/sub-site folder.
It is true that all these ARE served by the Same IP.

Malwarebytes alerts me when that IP is pinged or in other ways hit by an IP it considered "malicious"  I have no idea how it determines that but I trust the program.
There would be hundreds maybe thousands of legit IPS that give me no problem but i get an alert flag every time an IP considered as Malicious attempts to connect.
Whether it is trying to use the main ip, a subset of the domain entry points or whsatever, malware bytes it telling me i dont eant that IP connecting at all forany reason

I have seen these same warnings on a regular system doing nothing unusual.

I just wanted to see if "I" could block the IP address myself without depending on MBAM to do it.
on OUR web server we used to have a program called IP-BAN that would let you specific whole groups of IP's to simply deny access to to avoid DOS attacks

We are not having issues it just annoys me to see the MBAM waring popup

[Stoic Joker]

I just wanted to see if "I" could block the IP address myself without depending on MBAM to do it.
on OUR web server we used to have a program called IP-BAN that would let you specific whole groups of IP's to simply deny access to to avoid DOS attacks

We are not having issues it just annoys me to see the MBAM waring popup

-questorfla (March 02, 2015, 02:22 AM)

Okay... O_o How is MBAM responding to activity that is happening on the web (which is now sort of an FTP) server?? Are you running MBAM on the server itself? Because it's really not for that - unless you're talking about an entirely different MBAM than I'm thinking of.

[questorfla]

https://www.malwareb...usiness/antimalware/

I guess this is a new product maybe?  Anyway it said it was to be used as I am using it.
This is not a big deal, just an annoyance as MBAM plainly told me it blocked the malicious IP so I guess I could just ignore that even though the warning appears maybe 40 times in 5 minutes or less.  My plan was to do the same thing we did on the mail server with IPBAN.   But I am not sure they even have a current product.  2013 was the last year I see anything about them.

[Stoic Joker]

https://www.malwareb...usiness/antimalware/

I guess this is a new product maybe?  Anyway it said it was to be used as I am using it.

-questorfla (March 02, 2015, 10:58 AM)

That's still a strictly client side filter. It is not designed to be filtering traffic that is going to a server. It has a server component...yes ... But that is only for the centralized management of the client machines, and their client side traffic. If anything it may be getting confused by site requests flipping between internal and external IP addresses...causing it to FP.

[4wd]

@questorfla: What installation of Apache are you running?

Is it WAMP or some other flavour (and the version of it)?