You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Angela Barone <an...@italian-getaways.com> on 2013/04/27 16:07:27 UTC
[users@httpd] Deny by IP address unsuccessful
Hello,
I hope I'm in the right place for this question. I'm trying to block undesirables by IP with .htaccess but I'm not having any luck. I've read everything I can get my hands on, and it looks like I'm doing it right, but they still get through. The worst culprits seem to come from a handful of IP's but they use a different referrer name every time. I can't even block myself.
Any help you could give me would be greatly appreciated. Here's my code:
<limit GET POST PUT>
order deny,allow
Allow from all
# add my current IP address for testing
deny from 69.26.218.10
# Yandex bot
deny from 87.250.254.242
# http://www.backlinktest.com/crawler.html
deny from 46.4.100.231
# these IP's hit pages repeatedly within seconds
deny from 74.90.190.22
deny from 151.55.73.204
deny from 174.127.133.138
# Bots
deny from 37.139.52.23
deny from 46.118.119.252
deny from 89.108.102.171
deny from 91.207.4.186
deny from 91.207.6.34
deny from 91.207.9.226
deny from 178.137.129.44
deny from 193.106.136.
deny from 195.242.218.133
</limit>
I've placed this section in different positions in the .htaccess, I've tried both deny,allow and allow,deny, but no luck. Is it possible that some other section could be interfering with this section?
Let me know if you need anything else.
Thank you,
Angela
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Deny by IP address unsuccessful
Posted by Eric Covener <co...@gmail.com>.
> <limit GET POST PUT>
> order deny,allow
> Allow from all
Order deny,allow -> The allow is processed last.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Deny by IP address unsuccessful
Posted by How7 <ho...@freeshell.org>.
I just have lines like this and they work like a charm:
# Feb 2013
deny from 89.248.165 91.232.96 91.232.97 117.24 117.25 117.26
117.27 117.28 117.29 117.30 117.31 173.199 117.24 117.25 117.26
117.27 117.28 117.29 117.30 117.31 173.199
# Apr 2013
deny from 38.102.29 221.232 221.233 221.234 221.235 119.96 119.97
119.98 119.99 119.100 119.101 119.102 119.103
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Deny by IP address unsuccessful
Posted by Jim Albert <ji...@netrition.com>.
On 4/29/2013 2:11 PM, Angela Barone wrote:
> On Apr 27, 2013, at 2:25 PM, Jim Albert wrote:
>> Is your .htaccess at the proper directory level with the resource you
>> want to block?
>>
>> If there are .htaccess files at sublevels that could be your problem.
>>
>> Is .htaccess readable by your apache user?
>>
>> Is Apache configured for AllowOverride with at minimum Limit at the
>> appropriate level?
>
> Hi Jim,
>
> All excellent points, but everything is in order.
>
> I may have stumbled upon something. Our ISP has CloudFlare turned on
> for this domain and, after a lot of searching, it appears that
> CloudFlare changes the IP address of the visitor (I may not be wording
> that correctly). Using a PHP scripts, HTTP_X_FORWARDED_FOR gives me my
> proper IP address while REMOTE_ADDR is blank. Unfortunately, I still
> can't block myself. I've tried:
>
> RewriteCond %{HTTP_X_FORWARDED_FOR} !!=69.163.150.25
> RewriteCond %{HTTP_X_FORWARDED_FOR} ^69\.163\.150\.25$
> RewriteCond %{REMOTE_ADDR} !!=69.163.150.25
> RewriteCond %{REMOTE_ADDR} ^69\.163\.150\.25$
>
> Am I going about this all wrong?
>
> Thank again,
> Angela
It sounds like you are saying your ISP is providing you with a reverse
proxy for your web server.
If so, these pages might be helpful:
https://freistil.zendesk.com/entries/21852711-How-can-I-restrict-IP-addresses-in-htaccess-with-the-reverse-proxy-in-front-
http://serverfault.com/questions/235648/apache-use-x-forwarded-for-for-allow
http://httpd.apache.org/docs/2.2/mod/mod_setenvif.html#setenvif
That's not exactly what you would want to do, but possibly something
along those examples except you want to deny.
The idea is you set an environment variable based on some condition you
are checking on... in your case another environment variable and then
deny based on that env being set.
You should check with your ISP to confirm the environment variable in
which they are supplying the real client's IP address unless you are
convinced it is HTTP_X_FORWARDED_FOR.
I'm making some assumptions here so maybe check with your ISP if those
suggestions make sense for your environment.
Jim
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Deny by IP address unsuccessful
Posted by Angela Barone <an...@italian-getaways.com>.
On Apr 27, 2013, at 2:25 PM, Jim Albert wrote:
> Is your .htaccess at the proper directory level with the resource you want to block?
>
> If there are .htaccess files at sublevels that could be your problem.
>
> Is .htaccess readable by your apache user?
>
> Is Apache configured for AllowOverride with at minimum Limit at the appropriate level?
Hi Jim,
All excellent points, but everything is in order.
I may have stumbled upon something. Our ISP has CloudFlare turned on for this domain and, after a lot of searching, it appears that CloudFlare changes the IP address of the visitor (I may not be wording that correctly). Using a PHP scripts, HTTP_X_FORWARDED_FOR gives me my proper IP address while REMOTE_ADDR is blank. Unfortunately, I still can't block myself. I've tried:
RewriteCond %{HTTP_X_FORWARDED_FOR} !!=69.163.150.25
RewriteCond %{HTTP_X_FORWARDED_FOR} ^69\.163\.150\.25$
RewriteCond %{REMOTE_ADDR} !!=69.163.150.25
RewriteCond %{REMOTE_ADDR} ^69\.163\.150\.25$
Am I going about this all wrong?
Thank again,
Angela
Re: [users@httpd] Deny by IP address unsuccessful
Posted by Jim Albert <ji...@netrition.com>.
On 4/27/2013 10:28 AM, Angela Barone wrote:
> On Apr 27, 2013, at 7:18 AM, Martin Hasicek wrote:
>> Just put allow from all to the bottom of configuration. You have order deny, allow so your config should look same :-)
>
> Hi Martin,
>
> Thank you for your reply. I'm pretty sure I had tried that before, but I just changed it as you suggested and I'm still able to get in. It's not blocking my IP address. :\
You want
order allow, deny
Is your .htaccess at the proper directory level with the resource you
want to block?
If there are .htaccess files at sublevels that could be your problem.
Is .htaccess readable by your apache user?
Is Apache configured for AllowOverride with at minimum Limit at the
appropriate level?
Jim
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Deny by IP address unsuccessful
Posted by Angela Barone <an...@italian-getaways.com>.
On Apr 27, 2013, at 7:18 AM, Martin Hasicek wrote:
> Just put allow from all to the bottom of configuration. You have order deny, allow so your config should look same :-)
Hi Martin,
Thank you for your reply. I'm pretty sure I had tried that before, but I just changed it as you suggested and I'm still able to get in. It's not blocking my IP address. :\
Angela
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Deny by IP address unsuccessful
Posted by Martin Hasicek <ma...@gmail.com>.
Just put allow from all to the bottom of configuration. You have order deny, allow so your config should look same :-)
mh
Sent from my iPhone
On 27.4.2013, at 16:07, Angela Barone <an...@italian-getaways.com> wrote:
> Hello,
>
> I hope I'm in the right place for this question. I'm trying to block undesirables by IP with .htaccess but I'm not having any luck. I've read everything I can get my hands on, and it looks like I'm doing it right, but they still get through. The worst culprits seem to come from a handful of IP's but they use a different referrer name every time. I can't even block myself.
>
> Any help you could give me would be greatly appreciated. Here's my code:
>
>
> <limit GET POST PUT>
> order deny,allow
> Allow from all
>
> # add my current IP address for testing
> deny from 69.26.218.10
>
> # Yandex bot
> deny from 87.250.254.242
>
> # http://www.backlinktest.com/crawler.html
> deny from 46.4.100.231
>
> # these IP's hit pages repeatedly within seconds
> deny from 74.90.190.22
> deny from 151.55.73.204
> deny from 174.127.133.138
>
> # Bots
> deny from 37.139.52.23
> deny from 46.118.119.252
> deny from 89.108.102.171
> deny from 91.207.4.186
> deny from 91.207.6.34
> deny from 91.207.9.226
> deny from 178.137.129.44
> deny from 193.106.136.
> deny from 195.242.218.133
> </limit>
>
> I've placed this section in different positions in the .htaccess, I've tried both deny,allow and allow,deny, but no luck. Is it possible that some other section could be interfering with this section?
>
> Let me know if you need anything else.
>
> Thank you,
> Angela
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org