On Tue, Apr 11, 2023 at 9:29 AM Dave Wreski <dwreski@xxxxxxxxxxxxxxxxxxx.invalid> wrote: > > Hi, > > On 4/10/23 11:48 PM, Tatsuki Makino wrote: > > Dave Wreski wrote on 2023/04/11 10:54: > > SetEnvIf user-agent "(?i:TurnitinBot)" stayout=1 > SetEnvIf Request_URI "^linuxsecurity_features\.*$" !stayout > > I have done it in the past, too. > It was like allowing another level of conditions to be attached to Allow and Deny, depending on the condition that defines the variable and the condition that undefines the variable, right? :) > This is no longer needed, so change the name to something that makes sense. > > Yes, the "deny" was removed long ago. That is not the problem now. I also previously neglected to post the "<IfModule !mod_authz_core.c>" qualifier around the "deny from env=stayout" which would only load it for apache-2.2 systems. > > SetEnvIf user-agent "(?i:TurnitinBot)" SOMENAME1 > SetEnvIf Request_URI "^linuxsecurity_features\.*$" SOMENAME2 > > And let it meet all the requirements. > > <RequireAll> > Require all granted > Require not env SOMENAME1 > Require env SOMENAME2 > </RequireAll> > > This had the effect of blocking elements on every page (and the page itself, I think) on the site with 403s and "AH01630: client denied by server configuration:" entries in the error log. > > Is it possible there's something else going on here? > > SetEnvIf Request_URI "^linuxsecurity_features\.*$" rssfeeds Can't anchor to ^. Unlike rewrite in htaccess, this will always compare against the actual requested URL. Not the weird remainder of the URL. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|