Re: SetEnvIf and exceptions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

SetEnvIf user-agent "(?i:TurnitinBot)" SOMENAME1
SetEnvIf Request_URI "^linuxsecurity_features\.*$" SOMENAME2

And let it meet all the requirements.

<RequireAll>
  Require all granted
  Require not env SOMENAME1
  Require env SOMENAME2
</RequireAll>

This had the effect of blocking elements on every page (and the page itself, I think) on the site with 403s and "AH01630: client denied by server configuration:" entries in the error log.

Is it possible there's something else going on here?

SetEnvIf Request_URI "^linuxsecurity_features\.*$" rssfeeds
Can't anchor to ^. Unlike rewrite in htaccess, this will always
compare against the actual requested URL. Not the weird remainder of
the URL.

There's something more going on than just an errant caret.

Once the "Require env SOMENAME2" is included, as above, it immediately starts to 403 every page on the site. It's like each Require above is being considered independently, or that it somehow supersedes the previous Require.

With the last Require commented out, it works as expected (blocking all bots listed in the SetEnvIf), with the exception that it also restricts libwww access to the RSS feeds.


I don't follow the full intended logic, but if SOMENAME2 is required for access but can never be set due to the regex, I don't think there is necessarily something more to it.

In case I wasn't clear, simply removing the caret was not enough to make this work. The "Require env SOMENAME2" was enough to begin blocking every page on the site with a 403, not just the RSS feeds or the bots, but every legitimate request.

I'm going to do more research on RequireAll, but isn't that essentially saying AND? Require all AND Require not env SOMENAME1 AND Require env SOMENAME2? How can that ever match?

I suppose that also means it wouldn't be RequireAny because it would always match the Require all.

dave










[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux