On Mon, 10 Jul 2006 17:14, Boyle Owen wrote:
Thanks for your response. I have some success now, although it took a fight
and there's still a problem with the location of my rewrite code. For
background I'll put up the geoip.conf include file contents:
<IfModule mod_geoip.c>
GeoIPEnable On
GeoIPDBFile /usr/local/share/GeoIP/GeoIP.dat MemoryCache
GeoIPOutput All
# default country must be australia
# TODO: improve this to care only if it seems to be a local net address
SetEnvIf GEOIP_COUNTRY_CODE ^$ GEOIP_COUNTRY_CODE=AU
SetEnvIf GEOIP_COUNTRY_CODE ^--$ GEOIP_COUNTRY_CODE=AU
# actual list includes more bad countries
SetEnvIf GEOIP_COUNTRY_CODE ^(CN|HK|JP|KR|RU)$ BlockCountry
</IfModule>
Straight away there's a problem that I have tried unsuccessfully to solve
with the extra SetEnvIf. If you are on a local subnet (ie 10. or 192.168.)
then the GeoIP module can't nominate a country. It seems to return -- as
the country code in that case. (Or an empty string; the output from
phpinfo() shows the variable as -- but I'm suspicious)
However the SetEnvIf does not seem capable of rewriting that variable, even
though a plain SetEnv can. Am I trying to override the variable's value
incorrectly, or match the value incorrectly?
> > Rewrites don't appear to work outside of Location
> > blocks, and unless I'm doing something wrong, it
> > doesn't work in the <Directory /> block either.
>
> You're doing something wrong. Rewrites will work at any level (check the
> "Context" line in
> http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#rewriterule).
Yup - i see that in the doco, but unless I have the rewrites in the
<Directory /> block, it is not triggering. I have tried it up near the
include of the conf.d/geoip.conf file, or at the end of the file, but it
definitely didn't work until it went inside the <Directory /> block.
Here's my rewrite rules which might shed some light:
<Directory />
RewriteEngine on
RewriteBase /
RewriteCond %{ENV:BlockCountry} 1
RewriteRule .* http://nastysite/ [L,R=301]
Options FollowSymLinks
AllowOverride None
Order Allow,Deny
Allow from all
</Directory>
Oh, the error_log was showing a complaint that "without Options
FollowSymlinks", it says it "implies that rewrites are not allowed", so I
had to add the option.
> Otherwise, you need to debug the rewrite logic - switch on rewrite
> logging to see what it's doing.
Even that yielded no output even at level 9 until I got the thing in a place
that made it function.
I guess it's time to point out that I'm using 2.0.54 on RedHat FC4
Still, it's now working successfully so that my access and error logs are
down to a far more pleasant size, including the nightly LogWatch email. Got
to be happy with that, and I like to think that stupid little script
kiddies in chinese schools are now viewing appalling images that would
probably get them locked in a Gulag.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|