On Monday, 11 January 2021 23:05:55 GMT thelma@sys-concept.com wrote:
> I've one persistent user (Russian IP) that is populating my apache log
> files.
> 
> I tried 00_mod_log_config.conf
> 
> SetEnvIf Remote_Addr "45\.93\.201\.104" dontlog
> CustomLog /var/log/apache2/deflate_log deflate env=!dontlog
> CustomLog /var/log/apache2/access_log common env=!dontlog
> 
> But I still see this IP in my access_log.

If it is the same IP address persistently attacking the server, I would be 
tempted to block it, or the whole /24 subnet it belongs to, at the perimeter 
firewall.  Of course, persistent actors will hop off another IP address, so 
there are diminishing returns in this game.