You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Adam Serediuk <as...@abebooks.com> on 2007/02/09 00:13:42 UTC
[users@httpd] Blocking Requests Based Off of HTTP Headers
Hello all,
I am trying to block requests based off of HTTP Headers using a RewriteCond
to a RewriteMap.
I have the following:
RewriteMap hosts-deny txt:/path_to/hosts.deny
RewriteCond ${hosts-deny:%{REMOTE_HOST}|NOT-FOUND} !=NOT-FOUND [OR]
RewriteCond ${hosts-deny:%{REMOTE_ADDR}|NOT-FOUND} !=NOT-FOUND [OR]
RewriteCond ${hosts-deny:%{true-client-ip}|NOT-FOUND} !=NOT-FOUND
RewriteRule ^/.* - [F]
I want to block requests if the REMOTE_HOST, REMOTE_ADDR or true-client-ip
header matches the contents of the hosts.deny file. The hosts.deny file I
have created looks like:
192.168.1.2 -
192.168.1.3 -
If the REMOTE_HOST or REMOTE_ADDR matches the contents of the hosts.deny
file, the block works. However, if I set an HTTP header for true-client-ip it
does not match. I've tried a number of combinations and cannot get this to
work as expected. I know that the true-client-ip header exists, as I am using
it to log information into a log file successfully.
--
Adam
RE: [users@httpd] Blocking Requests Based Off of
HTTP Headers
Posted by Adam Serediuk <as...@abebooks.com>.
Thank you for the quick response; that did the trick. I tend to be blind
sometimes when a problem thwarts me for awhile, just need another set of eyes
:)
-----Original Message-----
From: jslive@gmail.com [mailto:jslive@gmail.com] On Behalf Of Joshua Slive
Sent: Thursday, February 08, 2007 3:22 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Blocking Requests Based Off of HTTP Headers
On 2/8/07, Adam Serediuk <as...@abebooks.com> wrote:
>
> RewriteCond ${hosts-deny:%{true-client-ip}|NOT-FOUND}
> !=NOT-FOUND
>
> RewriteRule ^/.* - [F]
> If the REMOTE_HOST or REMOTE_ADDR matches the contents of the hosts.deny
> file, the block works. However, if I set an HTTP header for true-client-ip
> it does not match. I've tried a number of combinations and cannot get this
> to work as expected. I know that the true-client-ip header exists, as I am
> using it to log information into a log file successfully.
You would need to use %{HTTP:true-client-ip}, as noted in the RewriteCond
docs.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Blocking Requests Based Off of HTTP Headers
Posted by Joshua Slive <jo...@slive.ca>.
On 2/8/07, Adam Serediuk <as...@abebooks.com> wrote:
>
> RewriteCond ${hosts-deny:%{true-client-ip}|NOT-FOUND}
> !=NOT-FOUND
>
> RewriteRule ^/.* - [F]
> If the REMOTE_HOST or REMOTE_ADDR matches the contents of the hosts.deny
> file, the block works. However, if I set an HTTP header for true-client-ip
> it does not match. I've tried a number of combinations and cannot get this
> to work as expected. I know that the true-client-ip header exists, as I am
> using it to log information into a log file successfully.
You would need to use %{HTTP:true-client-ip}, as noted in the RewriteCond docs.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org