I have a service in my page (hosted behind an Oracle server) that is being attacked by specific IPs. I see this in the Apache logs:
201.17.83.xxx, 201.17.83.xxx 10.0.1.xxx - - [14/Jun/2024:10:46:58 -0300] "GET...
However, in my page using PHP, I can only detect the local Oracle IP 10.0.1.xxx: all requests are coming from 10.0.1.xxx, I see nothing external.
I tried to block 201.17.83.xxx with .htaccess, but it also sees only the local 10.0.1.xxx.
What can I do now to block the specific IP? Is that even possible? Maybe with cookies?
BTW: yes, yes, I know that IPs can be spoofed, but I have not seen this problem yet.
Deny from 201.17.83.xxx
, and it did not work. Yet,Deny from 10.0.1.xxx
worked, but of course is not reliable since Oracle keep changing the inner IP with each request. So.htaccess
only (seems to) see the internal IP. Maybe there is some other directive to access the original IP?