For some time I've used mod_spamhaus to block comment spam, similar to how I deflect email spam. I'm OK with this because it only blocks POST, PUT, DELETE, and CONNECT requests, not GET requests.
Still, email spam is different than comment spam, so I setup mod_geoip to block users from anonymous proxies (that's the "A1" in the rewrite rule below). I'm also tracking countries codes in the logs to see if I can find out where most of the POSTs are coming from.
GeoIP Module Setup
<IfModule mod_geoip.c> GeoIPEnable On GeoIPDBFile /usr/share/GeoIP/GeoIP.dat MMapCache GeoIPOutput All GeoIPScanProxyHeaders On </IfModule>
Access Control
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^(A1)$
RewriteRule . - [F,L]
Logs
LogFormat "\"%{X-FORWARDED-FOR}i\" \"%{PROXY-CONNECTION}i\" \"%{HTTP-PC-REMOTE-ADDR}i\" \"%{GEOIP_COUNTRY_CODE}e\" \"%r\"" proxy_info
NGINX Too!
What's extra cool is that NGINX has this capability too! Its even built into the latest debian package:
./configure --conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/lock/nginx.lock \
--http-log-path=/var/log/nginx/access.log \
--http-client-body-temp-path=/var/lib/nginx/body \
--http-proxy-temp-path=/var/lib/nginx/proxy \
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
--with-debug \
--with-http_stub_status_module \
--with-http_flv_module \
--with-http_ssl_module \
--with-http_dav_module \
--with-http_gzip_static_module \
--with-http_realip_module \
--with-mail \
--with-mail_ssl_module \
--with-ipv6 \
--with-http_geoip_module \
--add-module=$(CURDIR)/modules/nginx-upstream-fair
Oh cool - it has the static gzip module too!
