Forum

I'm trying to block people from scanning my site. When i test remote server it doesn't seem to ban. on my local test box it works. same Hiawatha ver. Same config.

# Hiawatha main configuration file
#


# GENERAL SETTINGS
#
ServerId = www-data
ConnectionsTotal = 250
ConnectionsPerIP = 20
SystemLogfile = /var/log/hiawatha/system.log
GarbageLogfile = /var/log/hiawatha/garbage.log
ExploitLogfile = /var/log/hiawatha/exploit.log
LogFormat = extended

# BINDING SETTINGS
# A binding is where a client can connect to.
#
Binding {
	Port = 80
#	Interface = 127.0.0.1
	MaxKeepAlive = 120
	TimeForRequest = 120,200
	MaxRequestSize = 5000
}
#
#Binding {
#	Port = 443
#	Interface = ::1
#	MaxKeepAlive = 30
#	TimeForRequest = 3,20
#	SSLcertFile = hiawatha.pem
#}


# BANNING SETTINGS
# Deny service to clients who misbehave.
#
BanOnGarbage = 300
BanOnMaxPerIP = 60
BanOnFlooding = 30/1:35
#BanOnMaxReqSize = 300
KickOnBan = yes
RebanDuringBan = yes


# COMMON GATEWAY INTERFACE (CGI) SETTINGS
# These settings can be used to run CGI applications. Use the 'php-fcgi'
# tool to start PHP as a FastCGI daemon.
#
#CGIhandler = /usr/bin/perl:pl
#CGIhandler = /usr/bin/php-cgi:php
#CGIhandler = /usr/bin/python:py
#CGIhandler = /usr/bin/ruby:rb
#CGIhandler = /usr/bin/ssi-cgi:shtml
#CGIextension = cgi
#
FastCGIserver {
	FastCGIid = PHP5FPM
	ConnectTo = 127.0.0.1:9000
	Extension = php, php5
	SessionTimeout = 30
}


# URL TOOLKIT
# This URL toolkit rule was made for the Banshee PHP framework, which
# can be downloaded from http://www.hiawatha-webserver.org/banshee
#

UrlToolkit {
    ToolkitID = wordpress
    RequestURI exists Return
    Match .* Rewrite /index.php
}


UrlToolkit {
  ToolkitID = ban_scanner
  Match ^/(phpmyadmin|pma|mysql|setup|install) Ban 600
}

# DEFAULT WEBSITE
# It is wise to use your IP address as the hostname of the default website
# and give it a blank webpage. By doing so, automated webscanners wont find
# your possible vulnerable website.
#
Hostname = 127.0.0.1
WebsiteRoot = /var/www
StartFile = index.html
AccessLogfile = /var/log/hiawatha/access.log
ErrorLogfile = /var/log/hiawatha/error.log
#ErrorHandler = 404:/error.cgi


VirtualHost {
    Hostname = ****.***, www.****.***
    WebsiteRoot = /home/*****/domain.com
    StartFile = index.php
    AccessLogfile = /home/****/logs/access.log
    ErrorLogfile = /home/****/logs/error.log
    TimeForCGI = 10
    UseFastCGI = PHP5FPM
    UseToolkit = wordpress
    UseToolkit = ban_scanner
	DenyBody = ^.*%3Cscript.*%3C%2Fscript%3E.*$
	ErrorHandler = 404:/index.php
	PreventCSRF = yes
	PreventXSS = yes
	DenyBot = ZmEu:/
	DenyBot = Toata:/
	DenyBot = Baiduspider:/
	DenyBot = Baiduspider/2.0:/
	DenyBot = Curl:/
	DenyBot = Nmap:/
}

Hiawatha version: v7.6
Operating System: Debian 6 32bit

Resovled>
Seems the issue was with the rewrite was before the ban toolkit

so moving the toolkits fixed the issue

UseToolkit = wordpress
UseToolkit = ban_scanner

to


UseToolkit = ban_scanner
UseToolkit = wordpress

Good to hear that your problem is solved. Sorry for not responding to your question. I must have missed your post.