httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bennett Haselton <benn...@peacefire.org>
Subject Re: [users@httpd] trying to ban IPs using htaccess - not working
Date Mon, 26 Jul 2010 00:48:10 GMT
At 05:29 PM 7/25/2010, Eric Covener wrote:
>On Sun, Jul 25, 2010 at 8:23 PM, Bennett Haselton 
><bennett@peacefire.org> wrote:
> > At 05:08 PM 7/25/2010, Eric Covener wrote:
> >>
> >> On Sun, Jul 25, 2010 at 6:55 PM, Bennett Haselton 
> <bennett@peacefire.org>
> >> wrote:
> >> > By the way, I posted this question on vworker.com (where you 
> can post
> >> > "work
> >> > items" for contractors to bid on, although I more often use it 
> to post
> >> > questions and then people submit bids for telling me the 
> answer), and
> >> > someone told me the answer for $20.
> >> >
> >> > The answer, it turns out, is the 
> /etc/httpd/conf.d/welcome.conf file has
> >> > its
> >> > own ErrorDocument 403 directive which matches the "/" page 
> when the "/"
> >> > page
> >> > gives a 403 error, so that's why I was getting the Apache test page.
> >> >  Comment out the lines in welcome.conf or replace it with a 
> zero-byte
> >> > file
> >> > and you're good.  (It looks like on this machine we must have 
> previously
> >> > figured this out at some point, because welcome.conf had been 
> renamed to
> >> > welcome.conf.bak -- but then something mysteriously restored the
> >> > welcome.conf file, which broke it again.  I assume it might 
> have been a
> >> > "yum
> >> > update" which put back the welcome.conf file.  Hopefully having a
> >> > zero-byte
> >> > file there will prevent yum updates from clobbering it.)
> >> >
> >> > This still does not solve the problem of why I'm not getting 
> the right
> >> > custom 403 error when I go to https://209.160.28.154/ 
> though...  I still
> >> > don't know how to make the ErrorDocument directive apply to 
> the https
> >> > site.
> >>
> >> There's nothing too special about ErrorDocument, see the basic rules
> >> of configuration sections here:
> >>
> >> http://httpd.apache.org/docs/2.2/sections.html
> >>
> >> And recusrively grep your configuration if you don't know what's 
> there.
> >
> > I've already read that page and followed the directions, and it's not
> > working the way the page describes it, or at least, there's something
> > missing.  The page says:
> > "What Directives are Allowed? --
> > To find out what directives are allowed in what types of configuration
> > sections, check the Context of the directive."
> >
> > That's what I'm doing, and it does not work.  The "context" for
> > ErrorDocument says "server config, virtual host, directory, 
> .htaccess".  I
> > have put the line
> > ErrorDocument 403 /banned_ip.php
> > in the httpd.conf file, in the ssl.conf file both inside and 
> outside the
> > <VirtualHost> section, and in the .htaccess file, and none of those
> > combinations are working -- 403 errors in https urls are still 
> giving the
> > default 403 error instead of the custom one.  There's some extra step
> > required that's not in the documentation, at least not in that 
> portion of
> > it.  Do you know what it is?
>
>Sure your browser isn't showing you "friendly error messages" for a
>short error document?

Yes.  I have that option turned off in IE.  In any case, what I'm 
seeing is a "403 forbidden" message from Apache and not a "friendly" 
one inserted by IE.  Besides, when I access http:// URLs that 
generate a 403 error, I do see the "your ip has been banned" message 
as expected.  It's only for https:// URLs that it doesn't work.

>Did you actually search your configuration for other ErrorDocument 403
>directives that might have a higher precedence?

Yes.  And anyway like I said I'm seeing the custom 403 error message 
when browsing http:// URLs.  It's only https:// URLs that give the 
default 403 error instead of the custom one.

         -Bennett 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message