You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by David Mehler <da...@gmail.com> on 2011/12/12 17:00:38 UTC
[users@httpd] using htaccess on all hosts to block addresses
Hello,
I've got a list of host IP's i'd like to block. I want to do this with
an .htaccess file and want it to effect all virtual hosts on my
server. I've got the .htaccess file and am wondering where to place
it. Can I put it in the ServerRoot area which is /srv/http I believe
on my arch box or do I have to put in the public_html directory of
every virtual host? Or is there another way? Ideally i'd like one one
copy of this file to be active for all virtual hosts.
Thanks.
Dave.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] using htaccess on all hosts to block addresses
Posted by Steve Swift <Sw...@swiftys.org.uk>.
Presumably, it not whether you use htaccess, but whether you have it
enabled. Once it is enables, apache has to follow the directory tree, just
in case an htaccess file has turned up.
I wonder if apache takes advantage of hosts which notify it when
new/changed files appear in a directory tree that "interests" it? For
example, Windows Media Player knows about new albums that I've downloaded a
few seconds after I add them to my music collection. This way, it could
skip looking for htaccess files until it knows where they are.
On 12 December 2011 17:55, Tom Evans <te...@googlemail.com> wrote:
> On Mon, Dec 12, 2011 at 5:42 PM, Steve Swift <Sw...@swiftys.org.uk>
> wrote:
> > I think you'll have to put it in the documentroot of all of your
> > virtualhosts. Since it would be so much easier to do this in the Apache
> > config, I'll assume that you cannot do this for some reason.
> >
> > Second best would be to create the file in one documentroot, then use
> hard
> > links to place it in all of the other documentroots.
> >
>
> No, when Apache is instructed to read .htaccess files (from an
> appropriate AllowOverride section), it will walk up the directory tree
> until it reach a directory that has AllowOverride None, or it reaches
> the root.
>
> Therefore, if you have /srv/http/site1/htdocs and
> /srv/http/site2/htdocs, and you place a htaccess at
> /srv/http/.htaccess, and /srv/http/siteN/htdocs is allowed to have a
> htaccess file, then the following htaccess files will be attempted to
> be loaded:
>
> /srv/http/siteN/htdocs/.htaccess
> /srv/http/siteN/.htaccess
> /srv/http/.htaccess
> /srv/.htaccess
>
> '/' is normally marked 'AllowOverride None' in the base conf file, so
> that wouldn't normally be checked.
>
> As should be obvious, this is part of the reason why you are
> discouraged from using .htaccess, it vastly inflates the work that
> apache must do to serve a request. More info in the docs:
>
> http://httpd.apache.org/docs/2.2/howto/htaccess.html
>
> Cheers
>
> Tom
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
--
Steve Swift
http://www.swiftys.org.uk
Re: [users@httpd] using htaccess on all hosts to block addresses
Posted by Tom Evans <te...@googlemail.com>.
On Mon, Dec 12, 2011 at 5:42 PM, Steve Swift <Sw...@swiftys.org.uk> wrote:
> I think you'll have to put it in the documentroot of all of your
> virtualhosts. Since it would be so much easier to do this in the Apache
> config, I'll assume that you cannot do this for some reason.
>
> Second best would be to create the file in one documentroot, then use hard
> links to place it in all of the other documentroots.
>
No, when Apache is instructed to read .htaccess files (from an
appropriate AllowOverride section), it will walk up the directory tree
until it reach a directory that has AllowOverride None, or it reaches
the root.
Therefore, if you have /srv/http/site1/htdocs and
/srv/http/site2/htdocs, and you place a htaccess at
/srv/http/.htaccess, and /srv/http/siteN/htdocs is allowed to have a
htaccess file, then the following htaccess files will be attempted to
be loaded:
/srv/http/siteN/htdocs/.htaccess
/srv/http/siteN/.htaccess
/srv/http/.htaccess
/srv/.htaccess
'/' is normally marked 'AllowOverride None' in the base conf file, so
that wouldn't normally be checked.
As should be obvious, this is part of the reason why you are
discouraged from using .htaccess, it vastly inflates the work that
apache must do to serve a request. More info in the docs:
http://httpd.apache.org/docs/2.2/howto/htaccess.html
Cheers
Tom
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] using htaccess on all hosts to block addresses
Posted by Steve Swift <Sw...@swiftys.org.uk>.
I think you'll have to put it in the documentroot of all of your
virtualhosts. Since it would be so much easier to do this in the Apache
config, I'll assume that you cannot do this for some reason.
Second best would be to create the file in one documentroot, then use hard
links to place it in all of the other documentroots.
Since the users will be editing the files in their documentroot's, take
care that you set their permissions on this file so they cannot modify it.
You would have complete mayhem if it was shared across all of your
VirtualHosts, then one of them decided to update it "just a little bit".
Of course, this means that the owners of the VirtualHosts won't be able to
use the htaccess file for their own purposes.
On 12 December 2011 16:00, David Mehler <da...@gmail.com> wrote:
> Hello,
>
> I've got a list of host IP's i'd like to block. I want to do this with
> an .htaccess file and want it to effect all virtual hosts on my
> server. I've got the .htaccess file and am wondering where to place
> it. Can I put it in the ServerRoot area which is /srv/http I believe
> on my arch box or do I have to put in the public_html directory of
> every virtual host? Or is there another way? Ideally i'd like one one
> copy of this file to be active for all virtual hosts.
>
> Thanks.
> Dave.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
--
Steve Swift
http://www.swiftys.org.uk