[users@httpd] Blocking Requests Based Off of HTTP Headers

[Adam Serediuk <as...@abebooks.com>]

Hello all,

 

I am trying to block requests based off of HTTP Headers using a RewriteCond
to a RewriteMap.

 

I have the following:

 

RewriteMap    hosts-deny  txt:/path_to/hosts.deny

RewriteCond   ${hosts-deny:%{REMOTE_HOST}|NOT-FOUND} !=NOT-FOUND [OR]

RewriteCond   ${hosts-deny:%{REMOTE_ADDR}|NOT-FOUND} !=NOT-FOUND [OR]

RewriteCond   ${hosts-deny:%{true-client-ip}|NOT-FOUND} !=NOT-FOUND

RewriteRule   ^/.*  -  [F]

 

I want to block requests if the REMOTE_HOST, REMOTE_ADDR or true-client-ip
header matches the contents of the hosts.deny file. The hosts.deny file I
have created looks like:

 

192.168.1.2 -

192.168.1.3 -

 

If the REMOTE_HOST or REMOTE_ADDR matches the contents of the hosts.deny
file, the block works. However, if I set an HTTP header for true-client-ip it
does not match. I've tried a number of combinations and cannot get this to
work as expected. I know that the true-client-ip header exists, as I am using
it to log information into a log file successfully.

 

 

--
Adam

 

RE: [users@httpd] Blocking Requests Based Off of HTTP Headers

[Adam Serediuk <as...@abebooks.com>]

Thank you for the quick response; that did the trick. I tend to be blind
sometimes when a problem thwarts me for awhile, just need another set of eyes
:)



-----Original Message-----
From: jslive@gmail.com [mailto:jslive@gmail.com] On Behalf Of Joshua Slive
Sent: Thursday, February 08, 2007 3:22 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Blocking Requests Based Off of HTTP Headers

On 2/8/07, Adam Serediuk <as...@abebooks.com> wrote:

>
> RewriteCond   ${hosts-deny:%{true-client-ip}|NOT-FOUND}
> !=NOT-FOUND
>
> RewriteRule   ^/.*  -  [F]

> If the REMOTE_HOST or REMOTE_ADDR matches the contents of the hosts.deny
> file, the block works. However, if I set an HTTP header for true-client-ip
> it does not match. I've tried a number of combinations and cannot get this
> to work as expected. I know that the true-client-ip header exists, as I am
> using it to log information into a log file successfully.

You would need to use %{HTTP:true-client-ip}, as noted in the RewriteCond
docs.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Blocking Requests Based Off of HTTP Headers

[Joshua Slive <jo...@slive.ca>]

On 2/8/07, Adam Serediuk <as...@abebooks.com> wrote:

>
> RewriteCond   ${hosts-deny:%{true-client-ip}|NOT-FOUND}
> !=NOT-FOUND
>
> RewriteRule   ^/.*  -  [F]

> If the REMOTE_HOST or REMOTE_ADDR matches the contents of the hosts.deny
> file, the block works. However, if I set an HTTP header for true-client-ip
> it does not match. I've tried a number of combinations and cannot get this
> to work as expected. I know that the true-client-ip header exists, as I am
> using it to log information into a log file successfully.

You would need to use %{HTTP:true-client-ip}, as noted in the RewriteCond docs.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org