Blocking a list of IP addresses with iptables

In case you need to quickly ban a list of IP addresses from connecting to your server, iptables is perfect for the job. iptables is a user-space firewall that can control incoming and outgoing connections with policies and filter rules. Blocking ingress from a single IP is easily done with a single iptables rule. We can use this same command to automate the creation of many rules with a bash script that will read our list of IP addresses from a file.

Logging POST Data with Apache and mod_security

When running an Apache web server, you can find yourself in a situation where you need to capture and log POST data to do some analysis and perhaps to investigate a bad actor to determine a fingerprint pattern. This can be done with the mod_security module, which is a powerful web application firewall that also provides HTTP traffic monitoring, logging and analysis capabilities. Although this can also be done with mod_dumpio, I wanted to be able to create rulesets to shape the traffic after doing the analysis.