httpd-users mailing list archives

From Bennett Haselton <benn...@peacefire.org>
Subject Re: [users@httpd] trying to ban IPs using htaccess - not working
Date Mon, 26 Jul 2010 05:54:45 GMT
At 10:32 PM 7/25/2010, you wrote:
>On Sat, Jul 24, 2010 at 5:40 AM, Bennett Haselton
><bennett@peacefire.org> wrote:
> > I'm trying to ban certain IPs from visiting my site, so that they instead
> > see a message saying "Your IP has been banned, email me if you think this is
> > an error."  I've *almost* got it working -- when people visit URLs like
> > http://209.160.28.154/index.html
> > or
> > http://209.160.28.154/foo-does-not-exist
> > they see the "banned IP" message.  However, the problem is that if you try
> > to access the front page:
> > http://209.160.28.154/
> > from a banned IP address, you see the "Apache Test Page for CentOS" page,
> > instead of seeing the "banned IP" message.  Anybody recognize this problem
> > or have an idea of what could be causing it?
> >
> > In my httpd.conf file, I changed "AllowOverride None" to "AllowOverride All"
> > in both the default <Directory /> tag and inside the <Directory
> > "/var/www/html"> tag -- I placed a modified copy of httpd.conf at:
> > http://209.160.28.154/httpd.conf
> > and in /var/www/html I placed a .htaccess file containing these lines:
> >>>>
> > ErrorDocument 403 /banned_ip.php
> > order deny,allow
> > deny from 71.112.32.149
> >>>>
> > and restarted the server.  (The page http://209.160.28.154/banned_ip.php
> > shows the message you're supposed to see when connecting from a banned IP.
> > 71.112.32.149 is my home machine IP which I've "banned" for testing
> > purposes.)
> >
> > So like I said, that almost works, where http://209.160.28.154/index.html
> > gives the right error message, but http://209.160.28.154/ does not.  Any
> > idea how to change it so that all URLs under http://209.160.28.154/ will
> > give the "banned IP" message if connecting from a banned IP?
> >
> >        -Bennett
> >
>
>If you want to block the IPs on all services you could use iptables
>along with ipset.
>You could also put them directly in iptables as chain rules, but as
>the number of IPs increases, it increases the CPU usage like hell.
>ipset is a viable solution in that case.
>You just need kernel headers and (probably, I don't remember)
>netfilter source to compile iptables.

Yeah but rather than blocking the entire 
connection, I wanted to be able to put a message 
telling people to e-mail me if they think their 
IP has been blocked by mistake.

         -Bennett 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
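
How Apache 2.2 evaluates the `order deny,allow` / `deny from` lines in the quoted .htaccess, as an added Python example that is not part of the original message and not Apache's own code. It goes beyond the quoted file by also covering `Order allow,deny`, partial addresses and CIDR values; it assumes IPv4 only and ignores hostname and `env=` forms, and the function names are hypothetical.

```python
import ipaddress

def matches(spec, client):
    """True if one Allow/Deny 'from' value covers the client (IPv4 only)."""
    if spec.lower() == "all":
        return True
    if "/" in spec:  # CIDR or network/netmask form
        return ipaddress.ip_address(client) in ipaddress.ip_network(spec, strict=False)
    # Full or partial address ("71.112.32.149", "71.112"): compare whole octets.
    return (client + ".").startswith(spec.rstrip(".") + ".")

def access_allowed(order, allow, deny, client):
    """Apache 2.2 mod_authz_host decision for one client address."""
    allowed = any(matches(s, client) for s in allow)
    denied = any(matches(s, client) for s in deny)
    order = order.replace(" ", "").lower()
    if order == "deny,allow":   # Allow overrides Deny; no match means allowed
        return allowed or not denied
    if order == "allow,deny":   # Deny overrides Allow; no match means denied
        return allowed and not denied
    raise ValueError("unsupported Order value: " + order)

def parse_htaccess(text):
    """Collect Order / Allow from / Deny from lines; other directives are skipped."""
    order, allow, deny = "deny,allow", [], []   # 2.2 default is Order Deny,Allow
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        name = words[0].lower()
        if name == "order" and len(words) > 1:
            order = "".join(words[1:])
        elif name in ("allow", "deny") and len(words) > 2 and words[1].lower() == "from":
            (allow if name == "allow" else deny).extend(words[2:])
    return order, allow, deny

def is_allowed(client, text):
    order, allow, deny = parse_htaccess(text)
    return access_allowed(order, allow, deny, client)

# The .htaccess lines quoted in the message above.
HTACCESS = """\
ErrorDocument 403 /banned_ip.php
order deny,allow
deny from 71.112.32.149
"""

if __name__ == "__main__":
    for ip in ("71.112.32.149", "192.0.2.10"):   # second address is a constructed sample
        print(ip, "allowed" if is_allowed(ip, HTACCESS) else "403 -> ErrorDocument")
```

Swapping the order line to `order allow,deny` with no `allow from` line denies every client, which is why the direction of the `Order` value matters when maintaining a ban list this way.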

