httpd-users mailing list archives

From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] Access Control
Date Mon, 14 Jul 2003 08:22:53 GMT
>-----Original Message-----
>From: Joseph A Nagy Jr [mailto:joseph_a_nagy_jr@charter.net]
>
>..snip..
>
>Now here is my attempt at blocking those IP's:
><Directory />
>        Options All Multiviews
>        Order allow,deny
>        Allow from all
>        Deny from 24.158.220.23 24.61.145.148 24.158.107.12
> </Directory>

This should work... The only thing I would say is that your logic is a
bit circuitous. You have:

	Order allow,deny
which means:
	Deny by default, allow only if specified, deny if specified (redundant).
then you have:
	Allow from all
which:
	Defeats the preceding default thus making the redundant "Deny" required again.

A simpler logic would be:

	Order Deny,Allow 
	Deny from 24.158.220.23 24.61.145.148 24.158.107.12	
which means: 
	Allow by default, Deny those specified.

However, as I said, the first concoction does parse so should work. Are
you sure there are no further mod_access directives in .htaccess files
or in more specific directory containers which are overriding the
top-level directives?

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.

PS In answer to your question as to why you are getting these IIS
exploits in the first place, they are coming from infected IIS servers
which are simply sending the requests to port 80 on webservers they hear
about. They don't bother to check the server signature, obviously!

If you feel inclined, you might look up the site via reverse DNS, RIPE
etc. and try to send a message to the webmaster to patch his server.

>
>I once had a friend's IP address included, restarted apache, but my
>friend was still able to access my site.
>
>ip.address - - [10/Jul/2003:16:38:15 -0500] "GET / HTTP/1.1" 200 9673 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
>ip.address - - [10/Jul/2003:16:38:17 -0500] "GET /css/coolstyle-final.css HTTP/1.1" 200 2245 "http://joseph-a-nagy-jr.homelinux.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
>ip.address - - [10/Jul/2003:16:38:19 -0500] "GET /images/website/general-images/valid-xhtml10.png HTTP/1.1" 200 2414 "http://joseph-a-nagy-jr.homelinux.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
>ip.address - - [10/Jul/2003:16:38:19 -0500] "GET /images/website/general-images/vcss.png HTTP/1.1" 200 1134 "http://joseph-a-nagy-jr.homelinux.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
>ip.address - - [10/Jul/2003:16:38:21 -0500] "GET /images/website/general-images/303014.gif HTTP/1.1" 200 4750 "http://joseph-a-nagy-jr.homelinux.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
>ip.address - - [10/Jul/2003:16:38:24 -0500] "GET /images/icon/other/awstats_logo1.png HTTP/1.1" 200 2144 "http://joseph-a-nagy-jr.homelinux.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
>ip.address - - [10/Jul/2003:16:38:20 -0500] "GET /images/family-photo/pictures-of-me/just-me/jnagyjr.jpg HTTP/1.1" 200 31143 "http://joseph-a-nagy-jr.homelinux.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
>ip.address - - [10/Jul/2003:16:38:29 -0500] "GET /images/website/general-images/apache_pb.png HTTP/1.1" 200 2486 "http://joseph-a-nagy-jr.homelinux.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
>ip.address - - [10/Jul/2003:16:38:29 -0500] "GET /images/website/perl/sm_perl_id_313_bk.gif HTTP/1.1" 200 2373 "http://joseph-a-nagy-jr.homelinux.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
>ip.address - - [10/Jul/2003:16:38:31 -0500] "GET /images/website/general-images/redhat-poweredby.png HTTP/1.1" 200 1579 "http://joseph-a-nagy-jr.homelinux.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
>ip.address - - [10/Jul/2003:16:39:14 -0500] "GET /music/ HTTP/1.1" 200 8589 "http://joseph-a-nagy-jr.homelinux.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
>
>
>what am I doing wrong?
>-- 
>Wielder of the mighty +1 LARTsaber of Unsubscribe Instructions At End of
>Message, the +3 Clue-by-Four of No Attachments to a Mailing List, and
>the -4 Shield of No Spell Checker
>http://joseph-a-nagy-jr.homelinux.org
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP 
>Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>
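
Added example (not part of the original message and not Apache's own code): a small Python model of the mod_access Order rules discussed in this thread, applied to the three addresses from the posted configuration. The /var/www/html section, the sample client 192.0.2.10, and the rule that the most specific section carrying access directives replaces the parent's are assumptions of the model.

```python
import ipaddress

# Addresses taken from the configuration quoted in the thread.
BLOCKED = ["24.158.220.23", "24.61.145.148", "24.158.107.12"]
POSTED = ("allow,deny", ["all"], BLOCKED)   # the configuration as posted
SIMPLER = ("deny,allow", [], BLOCKED)       # the simpler form from the reply

# Hypothetical server layout: a more specific section with its own rules.
SECTIONS = {
    "/": POSTED,
    "/var/www/html": ("allow,deny", ["all"], []),  # assumed, not from the thread
}

def matches(ip, specs):
    """True if ip matches 'all', a full address or a CIDR block.
    Partial addresses and hostnames are not modelled."""
    addr = ipaddress.ip_address(ip)
    return any(
        spec.lower() == "all" or addr in ipaddress.ip_network(spec, strict=False)
        for spec in specs
    )

def decide(order, allow, deny, ip):
    """Apply the Order rules to one client address; True means access granted."""
    allowed, denied = matches(ip, allow), matches(ip, deny)
    if order.lower() == "allow,deny":
        # Default is deny; Allow is evaluated first, Deny last, so Deny wins.
        return allowed and not denied
    if order.lower() == "deny,allow":
        # Default is allow; Deny is evaluated first, Allow last, so Allow wins.
        return allowed or not denied
    raise ValueError(f"unsupported Order: {order}")

def effective(sections, path):
    """Return the rules of the deepest section covering path.
    Model assumption: that section's access rules replace the parent's."""
    covering = [d for d in sections
                if path == d or path.startswith(d.rstrip("/") + "/")]
    return sections[max(covering, key=len)]

def client_allowed(sections, path, ip):
    """Decide access for ip to a filesystem path under the given sections."""
    return decide(*effective(sections, path), ip)

if __name__ == "__main__":
    for ip in BLOCKED + ["192.0.2.10"]:
        print(ip, decide(*POSTED, ip), decide(*SIMPLER, ip),
              client_allowed(SECTIONS, "/var/www/html/index.html", ip))
```

Both forms deny the listed addresses when they are the only rules in effect; in the model, the listed addresses are served again under /var/www/html because that section's rules are the ones applied.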