Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 43479 invoked from network); 13 Jul 2010 12:14:05 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 13 Jul 2010 12:14:05 -0000 Received: (qmail 78779 invoked by uid 500); 13 Jul 2010 12:14:02 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 78389 invoked by uid 500); 13 Jul 2010 12:13:58 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 78362 invoked by uid 99); 13 Jul 2010 12:13:57 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 13 Jul 2010 12:13:57 +0000 X-ASF-Spam-Status: No, hits=2.2 required=10.0 tests=FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of josephmmorgan@hotmail.com designates 65.55.111.96 as permitted sender) Received: from [65.55.111.96] (HELO blu0-omc2-s21.blu0.hotmail.com) (65.55.111.96) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 13 Jul 2010 12:13:49 +0000 Received: from BLU0-SMTP49 ([65.55.111.73]) by blu0-omc2-s21.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Tue, 13 Jul 2010 05:13:28 -0700 X-Originating-IP: [64.190.251.149] X-Originating-Email: [josephmmorgan@hotmail.com] Message-ID: Received: from [127.0.0.1] ([64.190.251.149]) by BLU0-SMTP49.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675); Tue, 13 Jul 2010 05:13:27 -0700 Date: Tue, 13 Jul 2010 07:13:21 -0500 From: "Joseph M. Morgan" Reply-To: josephmmorgan@hotmail.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.10) Gecko/20100512 Lightning/1.0b1 Thunderbird/3.0.5 ThunderBrowse/3.3 MIME-Version: 1.0 To: users@httpd.apache.org Content-Type: multipart/alternative; boundary="------------080509000303050207000505" X-Antivirus: avast! (VPS 100713-0, 07/13/2010), Outbound message X-Antivirus-Status: Clean X-OriginalArrivalTime: 13 Jul 2010 12:13:27.0861 (UTC) FILETIME=[CCE26E50:01CB2284] X-Virus-Checked: Checked by ClamAV on apache.org Subject: [users@httpd] Help with mod_authz_host --------------080509000303050207000505 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit This is an Apache 2.2 server running within a VM on CentOS. Both the authn_basic_module and the authn_host_module are loaded. I have the following directive: Order deny,allow Deny from 221.192.0.0/14 Yet, today I see in my access logs: 221.192.199.35 - - [12/Jul/2010:15:26:19 -500] -500] "GET http://www.wantsfly.com/prx2.pho?hash=abbreviated HTTP/1.0" 404 ...... Why didn't Apache block this? --------------080509000303050207000505 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit

This is an Apache 2.2 server running within a VM on CentOS.

Both the authn_basic_module and the authn_host_module are loaded.

I have the following directive:

<Directory "/var/www/html">
   Order deny,allow
   Deny from 221.192.0.0/14
</Directory>

Yet, today I see in my access logs:

221.192.199.35 - - [12/Jul/2010:15:26:19 -500] -500] "GET http://www.wantsfly.com/prx2.pho?hash=abbreviated HTTP/1.0" 404 ......

Why didn't Apache block this?

--------------080509000303050207000505--