Re: <directory> and deny directives

Joshua:

Thanks for the quick and comprehensive reply.  Lemme address everything in order:

1. Whatcha mean by "the config is inherited"? Did you mean to address my question about sub-directories? I suspect so, but if not please clarify.

2. The status codes are in fact mostly 403s, but not ALL... some that match my deny directives, notably ".svservers.com", are still being allowed with 200s. The 403s that are occurring could also be the result of the http:BL module in the blog software itself, which checks the IPs of attempted commenters against the Project Honeypot DNS blacklist and bounces them with a 403 if the IP is a match (there's a lot of 403s for hostnames not in my little DENY list). At least that's the only explanation I can imagine for the inconsistency.

My goal here is to nail the spammy GETs; at first I'd considered a <LIMIT GET> directive, but I couldn't figure out where/how to apply it and so resorted to this current technique.

Censored log sample:

66.199.244.34/66.199.244.34.svservers.com [13/Sep/2007:09:44:17 -0700] "GET /blog/pivot/entry.php?id=29 HTTP/1.1" 200 24892 "-" "-"
70.85.237.82/52.ed.5546.static.theplanet.com [13/Sep/2007:10:01:22 -0700] "GET /blog/pivot/entry.php?id=74 HTTP/1.1" 403 222 "-" "-"
70.85.237.82/52.ed.5546.static.theplanet.com [13/Sep/2007:10:02:02 -0700] "GET /blog/pivot/entry.php?id=29 HTTP/1.1" 403 222 "-" "-"
70.85.237.82/52.ed.5546.static.theplanet.com [13/Sep/2007:11:08:23 -0700] "GET /blog/pivot/entry.php?id=40 HTTP/1.1" 403 222 "-" "-"
70.85.237.82/52.ed.5546.static.theplanet.com [13/Sep/2007:11:38:21 -0700] "GET /blog/pivot/entry.php?id=84 HTTP/1.1" 403 222 "-" "-"
70.85.237.82/52.ed.5546.static.theplanet.com [13/Sep/2007:12:05:24 -0700] "GET /blog/pivot/entry.php?id=71 HTTP/1.1" 403 222 "-" "-"
70.85.237.82/52.ed.5546.static.theplanet.com [13/Sep/2007:12:51:01 -0700] "GET /blog/pivot/entry.php?id=23 HTTP/1.1" 403 222 "-" "-"
70.85.237.82/52.ed.5546.static.theplanet.com [13/Sep/2007:13:02:21 -0700] "GET /blog/pivot/entry.php?id=74 HTTP/1.1" 403 222 "-" "-"
70.85.237.82/52.ed.5546.static.theplanet.com [13/Sep/2007:13:06:17 -0700] "GET /blog/pivot/entry.php?id=60 HTTP/1.1" 403 222 "-" "-"
66.199.244.34/66.199.244.34.svservers.com [13/Sep/2007:13:10:04 -0700] "GET /blog/pivot/entry.php?id=63 HTTP/1.1" 200 28255 "-" "-"
70.85.237.82/52.ed.5546.static.theplanet.com [13/Sep/2007:13:13:16 -0700] "GET /blog/pivot/entry.php?id=29 HTTP/1.1" 403 222 "-" "-"
66.199.244.34/66.199.244.34.svservers.com [13/Sep/2007:13:24:28 -0700] "GET /blog/pivot/entry.php?id=40 HTTP/1.1" 200 28032 "-" "-"
66.199.244.34/66.199.244.34.svservers.com [13/Sep/2007:14:14:46 -0700] "GET /blog/pivot/entry.php?id=40 HTTP/1.1" 200 27820 "-" "-"
70.85.237.82/52.ed.5546.static.theplanet.com [13/Sep/2007:14:32:16 -0700] "GET /blog/pivot/entry.php?id=71 HTTP/1.1" 403 222 "-" "-"
81.195.31.71/ppp31-71.pppoe.mtu-net.ru [13/Sep/2007:14:34:48 -0700] "GET /blog/pivot/entry.php?id=66 HTTP/1.1" 403 222 "/blog/pivot/" "Mozilla/5.0+(Windows;+U;+Windows+NT+5.2;+en-US;+rv:1.8.0.3)+Gecko/20060426+Firefox/1.5.0.11"
70.85.237.82/52.ed.5546.static.theplanet.com [13/Sep/2007:15:03:56 -0700] "GET /blog/pivot/entry.php?id=60 HTTP/1.1" 403 222 "-" "-"
70.85.237.82/52.ed.5546.static.theplanet.com [13/Sep/2007:15:05:58 -0700] "GET /blog/pivot/entry.php?id=84 HTTP/1.1" 403 222 "-" "-"
70.85.237.82/52.ed.5546.static.theplanet.com [13/Sep/2007:15:10:04 -0700] "GET /blog/pivot/entry.php?id=23 HTTP/1.1" 403 222 "-" "-"

Each of those hostnames matches my DENY list, yet the svservers.com GETs are being allowed.

3. "c:/www/blog/" is actually the parent for all the blog content.

4. I only have the one config file, and other changes to it have certainly had effects (not all good).

5. Yep, I did restart Apache. I always make a habit of killing it before I even edit the config.

6. No other <directory> directives for anything underneath ./blog/.

Could it have anything to do with the fact that .svservers.com is the FIRST deny directive? Did I perhaps not structure the permissions correctly? Someone else suggested I should have stuck with ORDER ALLOW,DENY and then ALLOW FROM ALL (and presumably followed by the list of DENY); is that how I should have structured it?

Mark


-------- Original Message  --------
Subject: Re:  <directory> and deny directives
From: Joshua Slive <joshua@xxxxxxxx>
To: users@xxxxxxxxxxxxxxxx
Date: Thursday, September 13, 2007 07:09:43 PM

On 9/13/07, Mark A. Craig <mark.a.craig@xxxxxxxxx> wrote:

There's only one problem: it's not working!  The log still shows visits
from these hostnames.  What am I missing?  Do I need to add "/*" to the
end of the <Directory> directive, or do subdirectories implicitly
inherit the same directives?

The config is inherited.

What status code is being reported for the accesses? If it is 403,
then they are indeed being denied.

Otherwise, show us a few access_log entries that you think should be denied.

Also, check to make sure that the content is really living under
C:/www/blog, that you are editing the right config file, that you are
restarting apache after making config changes, and that you don't have
anything else in your config file applying to that directory or lower.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
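
One way to check the symptom described in this thread, as an added example that is not part of the original messages: a Python script that reads an access log in the format shown above, matches each hostname against a deny list, and reports requests that matched a pattern but were not answered with 403. Only ".svservers.com" is named in the message; the other two patterns and the 192.0.2.10 log line are assumptions made for illustration.

```python
import re
from collections import Counter

# Abridged from the sample in the message, plus one constructed line (192.0.2.10).
# Format: ip/hostname [time] "request" status bytes "referer" "user-agent"
SAMPLE_LOG = '''\
66.199.244.34/66.199.244.34.svservers.com [13/Sep/2007:09:44:17 -0700] "GET /blog/pivot/entry.php?id=29 HTTP/1.1" 200 24892 "-" "-"
70.85.237.82/52.ed.5546.static.theplanet.com [13/Sep/2007:10:01:22 -0700] "GET /blog/pivot/entry.php?id=74 HTTP/1.1" 403 222 "-" "-"
66.199.244.34/66.199.244.34.svservers.com [13/Sep/2007:13:10:04 -0700] "GET /blog/pivot/entry.php?id=63 HTTP/1.1" 200 28255 "-" "-"
81.195.31.71/ppp31-71.pppoe.mtu-net.ru [13/Sep/2007:14:34:48 -0700] "GET /blog/pivot/entry.php?id=66 HTTP/1.1" 403 222 "/blog/pivot/" "Mozilla/5.0"
192.0.2.10/host.example.net [13/Sep/2007:14:40:00 -0700] "GET /blog/ HTTP/1.1" 200 512 "-" "-"
'''
# Assumed deny patterns; only ".svservers.com" appears in the message itself.
DENY_SUFFIXES = ('.svservers.com', '.theplanet.com', '.mtu-net.ru')

LINE_RE = re.compile(
    r'^(?P<ip>\S+?)/(?P<host>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\S+)')

def matches_deny(host, suffixes=DENY_SUFFIXES):
    """Return the pattern the host falls under (whole-label match), else None."""
    host = host.lower().rstrip('.')
    for s in suffixes:
        dom = s.lower().strip('.')
        if host == dom or host.endswith('.' + dom):
            return s
    return None

def audit(log_text, suffixes=DENY_SUFFIXES):
    """Return (status counts per deny pattern, matched entries not given 403)."""
    tally, leaks = Counter(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        pat = matches_deny(m['host'], suffixes) if m else None
        if pat is None:
            continue  # unparsable line, or host not on the deny list
        status = int(m['status'])
        tally[(pat, status)] += 1
        if status != 403:
            leaks.append((m['ip'], m['host'], m['time'], status))
    return tally, leaks

if __name__ == '__main__':
    tally, leaks = audit(SAMPLE_LOG)
    for (pat, status), n in sorted(tally.items()):
        print(f'{pat:20} {status} x{n}')
    for leak in leaks:
        print('NOT DENIED:', *leak)
```

A 403 in this tally does not by itself show that the Deny directive fired; as the message notes, the blog's http:BL module also answers with 403.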

