httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bennett Haselton <benn...@peacefire.org>
Subject Re: [users@httpd] trying to ban IPs using htaccess - not working
Date Sun, 25 Jul 2010 22:55:40 GMT
By the way, I posted this question on vworker.com (where you can post 
"work items" for contractors to bid on, although I more often use it 
to post questions and then people submit bids for telling me the 
answer), and someone told me the answer for $20.

The answer, it turns out, is the /etc/httpd/conf.d/welcome.conf file 
has its own ErrorDocument 403 directive which matches the "/" page 
when the "/" page gives a 403 error, so that's why I was getting the 
Apache test page.  Comment out the lines in welcome.conf or replace 
it with a zero-byte file and you're good.  (It looks like on this 
machine we must have previously figured this out at some point, 
because welcome.conf had been renamed to welcome.conf.bak -- but then 
something mysteriously restored the welcome.conf file, which broke it 
again.  I assume it might have been a "yum update" which put back the 
welcome.conf file.  Hopefully having a zero-byte file there will 
prevent yum updates from clobbering it.)

This still does not solve the problem of why I'm not getting the 
right custom 403 error when I go to https://209.160.28.154/ 
though...  I still don't know how to make the ErrorDocument directive 
apply to the https site.

         -Bennett

At 05:10 PM 7/23/2010, Bennett Haselton wrote:
>I'm trying to ban certain IPs from visiting my site, so that they 
>instead see a message saying "Your IP has been banned, email me if 
>you think this is an error."  I've *almost* got it working -- when 
>people visit URLs like
>http://209.160.28.154/index.html
>or
>http://209.160.28.154/foo-does-not-exist
>they see the "banned IP" message.  However, the problem is that if 
>you try to access the front page:
>http://209.160.28.154/
>from a banned IP address, you see the "Apache Test Page for CentOS" 
>page, instead of seeing the "banned IP" message.  Anybody recognize 
>this problem or have an idea of what could be causing it?
>
>In my httpd.conf file, I changed "AllowOverride None" to 
>"AllowOverride All" in both the default <Directory /> tag and inside 
>the <Directory "/var/www/html"> tag -- I placed a modified copy of 
>httpd.conf at:
>http://209.160.28.154/httpd.conf
>and in /var/www/html I placed a .htaccess file containing these lines:
> >>>
>ErrorDocument 403 /banned_ip.php
>order deny,allow
>deny from 71.112.32.149
> >>>
>and restarted the server.  (The page 
>http://209.160.28.154/banned_ip.php shows the message you're 
>supposed to see when connecting from a banned IP.  71.112.32.149 is 
>my home machine IP which I've "banned" for testing purposes.)
>
>So like I said, that almost works, where 
>http://209.160.28.154/index.html gives the right error message, but 
>http://209.160.28.154/ does not.  Any idea how to change is to that 
>all URLs under http://209.160.28.154/ will give the "banned IP" 
>message if connecting from a banned IP?
>
>         -Bennett
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message