So, I see these Apache access.log entries coming in every minute:
mydomain.com:80 95.211.199.153 - - [19/Apr/2023:23:34:28 +0000] "GET /index.html HTTP/1.1" 200 1425 "-" "Leaf/52 CFNetwork/1402.0.8 Darwin/22.2.0"
So I'd like to deny that IP address.
My Debian ("… 5.10.0-21-amd64 #1 SMP Debian 5.10.162-1 (2023-01-21) x86_64 GNU/Linux") uses ufw, and ufw status shows:
# ufw status
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
WWW Full ALLOW Anywhere
WWW ALLOW Anywhere
WWW Secure ALLOW Anywhere
2235 ALLOW Anywhere
1194/udp ALLOW Anywhere
5432/tcp ALLOW Anywhere
Anywhere DENY 31.204.152.226
OpenSSH (v6) ALLOW Anywhere (v6)
WWW Full (v6) ALLOW Anywhere (v6)
WWW (v6) ALLOW Anywhere (v6)
WWW Secure (v6) ALLOW Anywhere (v6)
2235 (v6) ALLOW Anywhere (v6)
1194/udp (v6) ALLOW Anywhere (v6)
5432/tcp (v6) ALLOW Anywhere (v6)
5432/udp (v6) ALLOW Anywhere (v6)
5433/tcp (v6) ALLOW Anywhere (v6)
5434/tcp (v6) ALLOW Anywhere (v6)
The problem is that I still keep getting the http queries every minute despite this.
What am I doing wrong?
When I check iptables -L, I get a long list, about 180 lines, but none of them mention that IP address.
I did set up ufw years ago because I had installed something that said I should use it, but I find it hard to use, partially because help is hardly available (no man page, and no cmdline help for specific cmds as far as I can figure out).
I'm a rather inexperienced linux admin - I only set up a linux system to run some basic services (Apache, gitlab, postgresql). I'm a bit over my head here.
I also looked for related answers:
The server is a virtual one on digitalocean, in case that matters.
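
An added example, not part of the original post: a small shell check that reads `ufw status` output and reports whether a given source address has a DENY rule at all, and whether that rule sits above the ALLOW rules for the web ports (ufw matches rules top-down and the first match wins). The sample status text is a constructed, shortened copy of the listing above, and `classify_block` with its default service pattern is a hypothetical helper.

```shell
#!/bin/sh
# Constructed sample: shortened copy of the `ufw status` output in the post.
sample_status() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
WWW Full                   ALLOW       Anywhere
WWW                        ALLOW       Anywhere
Anywhere                   DENY        31.204.152.226
OpenSSH (v6)               ALLOW       Anywhere (v6)
EOF
}

# classify_block IP [SERVICE_ERE]   (hypothetical helper, not a ufw command)
# Reads `ufw status` text on stdin and prints one of:
#   no-rule    no DENY/REJECT rule names this source address
#   shadowed   a DENY exists, but an ALLOW from Anywhere for the service
#              is listed above it, so the ALLOW matches first
#   effective  the DENY is listed above every such ALLOW
# SERVICE_ERE is matched against the start of the "To" column; the default
# (an assumption of this example) covers the WWW app profiles and ports 80/443.
classify_block() {
    awk -v ip="$1" -v svc="${2:-^(WWW|80|443)([ /])}" '
        /\(v6\) *$/ { next }                      # IPv6 rules cannot match an IPv4 source
        / (DENY|REJECT) / && $NF == ip && !verdict {
            # First rule naming the address: was an ALLOW already listed above it?
            verdict = allow_seen ? "shadowed" : "effective"
        }
        / ALLOW / && $NF == "Anywhere" && $0 ~ svc { allow_seen = 1 }
        END { print (verdict ? verdict : "no-rule") }
    '
}

# The address from the access.log line, then the address in the DENY rule.
echo "95.211.199.153: $(sample_status | classify_block 95.211.199.153)"
echo "31.204.152.226: $(sample_status | classify_block 31.204.152.226)"
```

On a live host the same check is `ufw status | classify_block <address>`; `ufw insert 1 deny from <address>` places a deny rule ahead of the existing ALLOW rules.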