Hi,
Dave Wreski wrote on 2023/04/11 10:54:SetEnvIf user-agent "(?i:TurnitinBot)" stayout=1 SetEnvIf Request_URI "^linuxsecurity_features\.*$" !stayoutI have done it in the past, too. It was like allowing another level of conditions to be attached to Allow and Deny, depending on the condition that defines the variable and the condition that undefines the variable, right? :) This is no longer needed, so change the name to something that makes sense.
Yes, the "deny" was removed long ago. That is not the problem now. I also previously neglected to post the "<IfModule !mod_authz_core.c>" qualifier around the "deny from env=stayout" which would only load it for apache-2.2 systems.
SetEnvIf user-agent "(?i:TurnitinBot)" SOMENAME1 SetEnvIf Request_URI "^linuxsecurity_features\.*$" SOMENAME2 And let it meet all the requirements. <RequireAll> Require all granted Require not env SOMENAME1 Require env SOMENAME2 </RequireAll>
This had the effect of blocking elements on every page (and the
page itself, I think) on the site with 403s and "AH01630: client
denied by server configuration:" entries in the error log.
Is it possible there's something else going on here?
SetEnvIf Request_URI "^linuxsecurity_features\.*$" rssfeeds
SetEnvIf user-agent "(?i:TurnitinBot)" stayout
<RequireAll>
Require all granted
Require not env stayout
Require env rssfeeds
</RequireAll>
RewriteRule linuxsecurity_features\.*$ - [L]
Thanks,
Dave