Christophe Casalegno

OVH: How to block an IP address on your server if you are behind a Load Balancing IP (LBIP / IPLB)

Hello World ;) If you use or manage OVH dedicated servers, you probably know this excellent and cheap service: Load Balancing (LBIP, or IPLB in French). This is an IP address carried directly by the OVH network which spreads the traffic load across the IPs of your OVH dedicated servers, public cloud, private cloud or VPS. It improves performance during traffic spikes, adds tolerance in the event of failures and optimizes response times. Today you can connect 16 backends (http, https, tcp or udp) to your OVH LBIP, and you can't use it (for the moment) in a vRack.

For more information on LBIP (in French) you can watch this video, which is simple and really useful for understanding how it works.

The problem: when you use this product, like other load balancers on the market, your server does not see the connecting hosts "directly" but only a private IP address used by the Load Balancer. You can, however, configure the service through the OVH API to pass the real client IP address on to your server.

So if you try to blacklist an IP address on your server with:

 iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP -v

it cannot work, because attackers are not connected directly to your server: the packets arrive from the Load Balancer's private address, not from the attacker's IP.

If you need to block an attack against your website, you can instead match the packet content with iptables and block the attacker by the forwarded address, like this:

 iptables -I INPUT 1 -p tcp --dport 80 -m string --algo bm --string "X-Forwarded-For: xxx.xxx.xxx.xxx" -j LOG_DROP

(LOG_DROP is not a built-in target: it is a user-defined chain that logs and then drops. Use -j DROP, as in the script below, if you have no such chain.)

You can also create a simple script to get a friendlier syntax; just put this in a .sh file:


#!/bin/sh
# Drop HTTP packets whose X-Forwarded-For header carries the address given as $1
iptables -I INPUT 1 -p tcp --dport 80 -m string --algo bm --string "X-Forwarded-For: $1" -j DROP

 
Now you can use

 ./yourscript.sh xxx.xxx.xxx.xxx

to blacklist an address, or pipe a list of addresses (one per line) through

 | xargs -l ./yourscript.sh

to do this for a whole list.
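As an added example (not the original post's script), here is a more defensive version of the same helper: it validates each address, matches the whole header line so that a shorter address cannot also match a longer one, and checks for an existing rule before inserting, so it is safe to rerun over a list. The script name block-xff.sh, the IPTABLES override and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: block client IPs that reach the
# server through the OVH LBIP by matching the X-Forwarded-For header the load
# balancer injects into plain-HTTP requests (port 80; TLS hides the header).
# Assumptions: iptables is in PATH (override IPTABLES to dry-run, e.g.
# IPTABLES=echo), and the header holds exactly one address as the LBIP sets it.
IPTABLES="${IPTABLES:-iptables}"

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
  addr=$1
  echo "$addr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  old_ifs=$IFS; IFS=.
  set -- $addr
  IFS=$old_ifs
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Pattern for --hex-string: header name, the exact address, then CRLF so that
# 198.51.100.7 does not also match 198.51.100.70 (a plain --string prefix would).
xff_pattern() {
  printf 'X-Forwarded-For: %s|0d 0a|' "$1"
}

# Validate, skip if an identical rule already exists (-C), else insert at the
# top of INPUT. Idempotent, so a cron job can replay a list safely.
block_ip() {
  ip=$1
  is_ipv4 "$ip" || { echo "skipping invalid address: $ip" >&2; return 1; }
  pat=$(xff_pattern "$ip")
  set -- -p tcp --dport 80 -m string --algo bm --icase --hex-string "$pat" -j DROP
  "$IPTABLES" -C INPUT "$@" 2>/dev/null && return 0
  "$IPTABLES" -I INPUT 1 "$@"
}

# Usage: ./block-xff.sh 198.51.100.7 [...]   or   ./block-xff.sh < list.txt
main() {
  if [ $# -gt 0 ]; then
    for ip in "$@"; do block_ip "$ip"; done
  else
    while read -r ip; do [ -n "$ip" ] && block_ip "$ip"; done
  fi
}

# Run only when executed as block-xff.sh, so the functions can also be sourced.
case "${0##*/}" in block-xff.sh) main "$@" ;; esac
```

The string match only sees the packet that carries the header, so the rule drops the request rather than the Load Balancer's TCP connection; the balancer's retransmissions are dropped the same way until it gives up.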
 
Warning: there is a limit to this method: you can't use it for HTTPS, because the string match has to see the header in clear text and TLS hides it. One solution could be to use the OVH API to activate the firewall on the LBIP; I'll test it next time. Another possibility is to assign an IPFO (IP FailOver) to the LBIP and use the classic OVH firewall method, through the manager or through the API.
 
Need help managing your dedicated Linux server / VPS / cloud? Email: sales@digital-netcom.com
