LockoutCommand — specify command to run in order to lock a client out of the site
The directive specifies the command (as it would be entered from the shell) that will somehow prevent the remote IP from accessing the Interchange catalog, or the whole system.
The IP address will be substituted for the first occurrence of the string
%s
(which might remind you of printf
format specifiers). The command will be executed under the Interchange user ID,
so you'll have to fine-tune the system privileges, or use
sudo-like tools.
Example: Preventing access to the system with ipfwadm
Put the following in interchange.cfg
:
LockoutCommand ipfwadm -I -i deny -S %s
Note that the ipfwadm filtering system was used in Linux 2.0.* kernels, and is now largely obsolete.
A script could be written which would modify the appropriate access control
files, such as .htaccess
(Web server-level)
or /etc/hosts.deny
(TCP Wrappers-level), to do another
level of lockout.
Even a simple command line along the lines of
perl -0777 -npi -e 's/deny/deny from %s\ndeny/'
/path/to/cgi-bin/.htaccess
would work as well.