Re: [users@httpd] multicriteria "Deny from env" rule

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi

On 8 juin 06, at 15:21, Joshua Slive wrote:


        <LimitExcept GET>
           Deny from env....(BlockBrowser AND BlockReferer)
           Deny from env=BlockCountry
        </LimitExcept>


BrowserMatch "^$" BlockBrowser=1
SetEnvIf Referer "^$" BlockReferer=1
SetEnvIf BlockBrowser ^1$ GoAway
SetEnvIf BlockReferer ^1$ GoAway
Deny from env=GoAway

But it would be easier just to set the GoAway variable in the original
BrowserMatch/SetEnvIf if you don't need those specific variables
elsewhere.
I don't think this can work, if BlockBrowser=1 then you set GoAway, if BlockReferer=1 then you set GoAway. If I deny from env=GoAway, then I deny from BlockBrowser OR from BlockReferer. I want to deny only if both BlockBrowser AND BlockReferer are set. 

But you give me an idea to work with. I'm going to try:

SetEnv GoAway 1
BrowserMatch !"^$" !GoAway
SetEnvIf Referer !"^$" !GoAway
Deny from env=GoAway
So, if I'm correct, GoAway is set, then if BrowserMatch is good GoAway is unset, if SetEnvIf Referer is good GoAway is unset, is GoAway is still set, the deny is triggered. 

Does it look ok ?

Patrick PRONIEWSKI
--
Administrateur Système - SENTIER - Université Lumière Lyon 2

Attachment: smime.p7s
Description: S/MIME cryptographic signature

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux