IBBoard<p>Okay, this SEEMS to work. The database is just the start addresses for lots of /8, /16, /24 or /32 ranges (depending on the size of the requested block - e.g. a /22 range gets written as the start address for four /24s) taken from <a href="https://www.okean.com/antispam/iptables/rc.firewall.china" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">okean.com/antispam/iptables/rc</span><span class="invisible">.firewall.china</span></a> and mapped to "BLOCKED" and then built into a database file with `httxt2dbm`.</p><p>```<br># Extract IP parts<br>RewriteCond %{REMOTE_ADDR} ^((([0-9]+)\.[0-9]+)\.[0-9]+)\.[0-9]+$<br>RewriteRule . - [E=subnet8:%3.0.0.0,E=subnet16:%2.0.0,E=subnet24:%1.0,E=subnet32:%0]</p><p># Tarpit provided by a Mastodon user - <a href="https://mastodon.social/@pcarrier/112429748041537087" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.social/@pcarrier/1124</span><span class="invisible">29748041537087</span></a><br># We don't have access to mod_cspnonce yet, so fudge a random-ish value<br>RewriteCond ${greatfirewall:%{ENV:subnet8}} =BANNED [OR]<br>RewriteCond ${greatfirewall:%{ENV:subnet16}} =BANNED [OR]<br>RewriteCond ${greatfirewall:%{ENV:subnet24}} =BANNED [OR]<br>RewriteCond ${greatfirewall:%{ENV:subnet32}} =BANNED<br>RewriteRule . <a href="https://srv.us/tarpit?nonce=" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">srv.us/tarpit?nonce=</span><span class="invisible"></span></a>%{REMOTE_PORT}%{TIME} [L,E=donotlog:1,R=301]<br>```</p><p>(`donotlog` is used later to avoid logging, because when they hit so hard and so often then I don't need that bloat in my server logs!)<br>Not yet worked out why it only seemed to work within <VirtualHost> blocks.</p><p><a href="https://hachyderm.io/tags/Apache" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apache</span></a> <a href="https://hachyderm.io/tags/Apache2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apache2</span></a> <a href="https://hachyderm.io/tags/ModRewrite" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ModRewrite</span></a> <a href="https://hachyderm.io/tags/spam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>spam</span></a> <a href="https://hachyderm.io/tags/AbusiveBots" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AbusiveBots</span></a></p>