When I go to view ‘web activity’ under apache 2 status in the control panel I have all these connections that appear to be trying to access a website on port 8080. This is a brand new server, and I just installed hestia cp on it clean with ubuntu 22.04… iptables has port 8080 blocked… I even went 1 step further and used ip6tables to ban this entire ipv6 subnet but the connections are still listed here… does anyone know how?
Those look like connections from your Nginx proxy.
Looks like its just people accessing the ip https://x.x.x.x/random-queries-here (user receives hestia 404 page on front end) and thats how it shows up… I wonder if there is an easy way to block those…
You can edit /etc/nginx/conf.d/a.b.c.d.conf (a.b.c.d is your server’s IP) and add a return 403 directive.
Something like this:
server {
listen a.b.c.d:80 default_server;
server_name _;
access_log off;
error_log /dev/null;
return 403;
location / {
proxy_pass http://a.b.c.d:8080
}
}
server {
listen a.b.c.d:443 default_server ssl;
server_name _;
access_log off;
error_log /dev/null;
ssl_certificate /usr/local/hestia/ssl/certificate.crt;
ssl_certificate_key /usr/local/hestia/ssl/certificate.key;
return 403;
location / {
root /var/www/document_errors/;
}
location /error/ {
alias /var/www/document_errors/;
}
}
1 Like