Sometimes it is necessary to block access to the server to entire hosts. This can be useful in order to protect the system from individual hosts or entire blocks of IP addresses, or to force the use of other servers. Use this command to do so:
deny <addrglob> <message_file>
deny will always deny access to hosts that match a given address.
addr_glob is a regular expression field that contains a list of addresses, either numeric or a DNS name. This field can also be a file reference, which contains a listing of addresses. If the address is a file reference, it must be an absolute file reference; that is, starting with a / . To ensure that IP addresses can be mapped to a valid domain name, use the !nameserver parameter.
A sample deny line resembles the following:
deny *.exodous.net /home/ftp/.message_exodous_deny
This entry will deny access to the FTP server from all users who are coming from the exodous.net domain, and will display the message contained in the file .message_ exodous_deny in the /home/ftp directory.
Was this article helpful?