Re: Deny <ip address> didn't work

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



What version of Apache are you using?
Apache 2.4 changed the access control directives unless you specifically enable the old style: http://httpd.apache.org/docs/2.4/upgrading.html#access

Also, make sure you have the correct AllowOverride statements.

- Y

On Mon, May 4, 2015 at 7:33 PM, Joshua Smith <joshuasmith@xxxxxxxxx> wrote:

Hi,

 

I tried both of the following methods to block an ip address, but neither worked.  In .htaccess, I put:

 

Order Deny,Allow

Deny from 123.123.123.123

 

and

 

RewriteCond %{REMOTE_ADDR} ^123.123.123.123

RewriteRule .* /maintenance.html [R=503,L]

 

(I do have the mod_rewrite module installed)

 

In both cases, I put the rules at the top of the file so that it would be the first rules executed.

 

After each one, i did an apachectl stop, then apachectl start.

 

In both cases, when i monitored my site with the 'server-status' module, the ip address was still there, with sometimes more than 30 requests, and all for the same page, which was ..../login.php.  And it continued to be there for the next 30 minutes until it just dropped off, but i was doing nothing to stop it at that point.

 

This method of blocking has worked for me in the past.

 

Is it possible for someone (ie a hacker…) to bypass my blocking method(s)?  Or is there something more I need to do?

 

Thank you,

Josh

 



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux