RE: Deny <ip address> didn't work

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks for your replies.

I'm using apache version 2.2.15 - so I guess I don't have to worry about the
2.4 changes.

I'll have to research AllowOverride ....

Very interesting - seems obvious now that you say it, but I didn't realize
my efforts were just blocking the response, not the request.

I tried an iptables rule and that seems to have worked.

Re the rewrite engine - also interesting ... I do have the RewriteEngine On
statement, but it's below the RewriteCond statement.  Does that make a
difference?  IE, does it process sequentially, and so the rewritecond
statements are just ignored unless they come after rewriteengine on ?

Thanks,
Josh


-----Original Message-----
From: Richard [mailto:lists-apache@xxxxxxxxxxxxxxxxxxxxx]
Sent: Monday, May 04, 2015 20:27
To: users@xxxxxxxxxxxxxxxx
Subject: Re:  Deny <ip address> didn't work

Also "allow/deny" (or the 2.4 equiv) directives only control whether the
server delivers the content, not whether the client can request an item from
the server. I.e., the indication of successful blocking will be the response
code changing from 200 to 403, but you'll still likely see hits. If you want
to block the client from hitting the server you'd probably need to use
firewall settings.

With your rewrite attempt, did you include a statement turning the rewrite
engine on?


------------ Original Message ------------
> Date: Monday, May 04, 2015 09:36:50 PM -0400
> From: Yehuda Katz <yehuda@xxxxxxxxxx>
>
> What version of Apache are you using?
> Apache 2.4 changed the access control directives unless you
> specifically enable the old style:
> http://httpd.apache.org/docs/2.4/upgrading.html#access
>
> Also, make sure you have the correct AllowOverride statements.
>
> - Y
>
> On Mon, May 4, 2015 at 7:33 PM, Joshua Smith <joshuasmith@xxxxxxxxx>
> wrote:
>
>> Hi,
>>
>> I tried both of the following methods to block an ip address, but
>> neither worked.  In .htaccess, I put:
>>
>> Order Deny,Allow
>> Deny from 123.123.123.123
>>
>> and
>>
>> RewriteCond %{REMOTE_ADDR} ^123.123.123.123 RewriteRule .*
>> /maintenance.html [R=503,L]
>>
>> (I do have the mod_rewrite module installed)
>>
>> In both cases, I put the rules at the top of the file so that it
>> would be the first rules executed.
>>
>> After each one, i did an apachectl stop, then apachectl start.
>>
>> In both cases, when i monitored my site with the 'server-status'
>> module, the ip address was still there, with sometimes more than
>> 30 requests, and all for the same page, which was ..../login.php.
>> And it continued to be there for the next 30 minutes until it just
>> dropped off, but i was doing nothing to stop it at that point.
>>
>> This method of blocking has worked for me in the past.
>>
>> Is it possible for someone (ie a hacker…) to bypass my blocking
>> method(s)?  Or is there something more I need to do?
>>
>> Thank you,
>> Josh
>>
------------ End Original Message ------------



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx






[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux