Noel Butler <noel.butler@xxxxxxxxxx> writes:
> On Mon, 2012-04-23 at 09:04 +0200, Matthieu Moy wrote:
>
> Noel Butler <noel.butler@xxxxxxxxxx> writes:
>
> > Right, so have you changed it to Directory and does it now work?
>
> I tried <Directory>, and it did not work. -
>
> You definitely have something broken then if Deny does not work in a Directory statement
I found the guilty line in the configuration, but I still don't
understand what's going on.
I had this at the end of /etc/apache2/apache2.conf:
<Location />
Deny from <some IP address to blacklist>
</Location>
Removing these lines solves the issue: other Deny directives (in
/etc/apache2 and in .htaccesses) are now taken into account.
I still have two problems (much less serious) :
1) I'd like to understand what was going on. From my understanding, the
line above shouldn't have disabled other "Deny from" directives. Since
<Location> are taken into account after <Directory>, I'd understand that
a "Order" directive could be problematic, but not how a <Location> can
be so.
2) If possible, I'd like to have a way to blacklist IPs without
breaking everything else. That's secondary since the server can also use
iptables rules for blacklisting.
I tried several variants, like using <Directory> instead of <Location
/>, adding Order allow,deny before the Deny. With <Directory>, it works
essentially as I'd have expected: <Directory /> is ineffective since it
is overridden by more precise <Directory /www/.../> directives. It works
if I apply it to subdirectories of the DocumentRoot, but that's not
really conveinient.
Thanks,
--
Matthieu Moy
http://www-verimag.imag.fr/~moy/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|