httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Philip Prindeville <philipp_s...@redfish-solutions.com>
Subject Re: [users@httpd] Identifying banned networks correctly, but unable to block access
Date Tue, 12 Oct 2010 23:14:40 GMT
  On 10/12/10 10:32 AM, Eric Covener wrote:
> On Tue, Oct 12, 2010 at 12:42 PM, Philip Prindeville
> <philipp_subx@redfish-solutions.com>  wrote:
>>   I'm trying to use mod_geoip and mod_setenvif to blacklist certain
>> countries.  The tests seem to work an correctly identify the sources... it's
>> the mod_authz_host part that's tripping me up.
>>
>> And the end of my mod_setenvif.conf I have:
>>
>> LogFormat "is_a_bogon=%{is_a_bogon}e CC=%{GEOIP_COUNTRY_CODE}e" env
>> CustomLog logs/env_log env env=is_a_bogon
>>
>> <Directory "/var/www/html">
>>     Deny from env=is_a_bogon
>> </Directory>
> What's the effective value of "Order" at this point (hopefully 'allow, deny')
>
> Do you have Allow in htaccess or<location>  that might be getting merged in?
>

It's a pretty stock RPM config:

conf/httpd.conf:

DocumentRoot "/var/www/html"

...

<Directory />
     Options FollowSymLinks
     AllowOverride None
</Directory>

<Directory "/var/www/html">
...
     Order allow,deny
     Allow from all
</Directory>

...
AccessFileName .htaccess

...
<Files ~ "^\.ht">
     Order allow,deny
     Deny from all
</Files>

...
Alias /icons/ "/var/www/icons/"

<Directory "/var/www/icons">
...
     AllowOverride None
     Order allow,deny
     Allow from all
</Directory>

...
Alias /cgi-bin /var/www/cgi-bin
<Directory "/var/www/cgi-bin">
     AllowOverride None
     Options +ExecCGI
     Order allow,deny
     Allow from all
</Directory>

...
<Location /server-status>
     SetHandler server-status
     Order deny,allow
     Deny from all
#    Allow from .example.com
     Allow from .redfish-solutions.com
     Allow from .localdomain
</Location>

...


then conf.d/mod_setenvif.conf:

...
<Directory "/var/www/html">
     Deny from env=is_a_bogon
</Directory>
...


Not seeing any application Location directives.

The only Files directives are in conf.d/ssl.conf and wouldn't apply here.




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message