You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Marc Fromm <Ma...@wwu.edu> on 2009/10/26 05:22:39 UTC

[users@httpd] RE: httaccess stopped working update

Update on my htaccess problem.
Recently I set up a spider trap which required placing an htaccess file on the www/html directory. The htaccess file listed in my first email is a sub directory of html/.

The tutorial had me create this htaccess file. Is the <Files *> . . . </Files> section over ruling the htaccess file in the sub directory?

# Block bad-bots using lines written by bad_bot.pl script above
SetEnvIf Request_URI "^(/403.*\.htm|/robots\.txt|/file_instead_of_what_they_want\.htm)$" allowsome

<Files *>
order allow,deny
allow from all
deny from env=getout
</Files>

-----Original Message-----
From: Marc Fromm 
Sent: Sunday, October 25, 2009 7:48 PM
To: users@httpd.apache.org
Subject: [users@httpd] httaccess stopped working

I have used this htaccess file for quite some time now and it worked, only allowing access to specific ip addressess.
For some reason the htaccess is not blocking ip addresses outside the ones specified.
I have 'x'ed out the ip addresses and changed the user user name for this email.

AuthType Basic
AuthName "Outside Access."
AuthUserfile /etc/htpasswd
require user user_name
#require valid-user
Satisfy All
<Limit GET POST>
order deny,allow
deny from all
allow from xxx.xxx.216
allow from xxx.xxx.42
allow from xxx.xxx.43
allow from xxx.xxx.188
allow from xxx.xxx.189
</Limit>

Any ideas on what could have changed to so the deny from all is no longer working? Users are still asked for a username and password. Some posts state to avoid using LIMIT. If that is correct then what is the better method?

Thanks

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] RE: httaccess stopped working update

Posted by Jonathan Zuckerman <j....@gmail.com>.

> -----Original Message-----
> From: Marc Fromm
> Sent: Sunday, October 25, 2009 7:48 PM
> To: users@httpd.apache.org
> Subject: [users@httpd] httaccess stopped working
>
> I have used this htaccess file for quite some time now and it worked, only allowing access to specific ip addressess.
> For some reason the htaccess is not blocking ip addresses outside the ones specified.
> I have 'x'ed out the ip addresses and changed the user user name for this email.
>
> AuthType Basic
> AuthName "Outside Access."
> AuthUserfile /etc/htpasswd
> require user user_name
> #require valid-user
> Satisfy All
> <Limit GET POST>
> order deny,allow
> deny from all
> allow from xxx.xxx.216
> allow from xxx.xxx.42
> allow from xxx.xxx.43
> allow from xxx.xxx.188
> allow from xxx.xxx.189
> </Limit>
>
> Any ideas on what could have changed to so the deny from all is no longer working? Users are still asked for a username and password. Some posts state to avoid using LIMIT. If that is correct then what is the better method?
>
> Thanks
>
>
On Sun, Oct 25, 2009 at 9:22 PM, Marc Fromm <Ma...@wwu.edu> wrote:
> Update on my htaccess problem.
> Recently I set up a spider trap which required placing an htaccess file on the www/html directory. The htaccess file listed in my first email is a sub directory of html/.
>
> The tutorial had me create this htaccess file. Is the <Files *> . . . </Files> section over ruling the htaccess file in the sub directory?>
> # Block bad-bots using lines written by bad_bot.pl script above
> SetEnvIf Request_URI "^(/403.*\.htm|/robots\.txt|/file_instead_of_what_they_want\.htm)$" allowsome
>
> <Files *>
> order allow,deny
> allow from all
> deny from env=getout
> </Files>
>

You specifically said: for ALL files, allow from ALL except.. deny
from env=getout.
This will absolutely override .htaccess rules set in a higher
directory, that's almost the whole point of htaccess.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org