httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joost de Heer <jo...@sanguis.xs4all.nl>
Subject Re: [users@httpd] How to properly block IP ranges server wide?
Date Fri, 14 Jan 2011 06:15:06 GMT
On 01/14/2011 02:40 AM, Norman Peelman wrote:
> Hello all,
>
> I've got a server with name based virtualhosts. I am getting spammers from
> various countries and would like to block these IP ranges. But I can't seem to
> figure out how to block them. How can I block them by default for the entire
> server? Where do I put the:
>
> <Directory>
> Order Allow,Deny
> Allow from all
> Deny from ip range
> ...
> Deny from ip range
> </Directory>

http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order

Allow,Deny
     First, all Allow directives are evaluated; at least one must match, or the 
request is rejected. Next, all Deny directives are evaluated. If any matches, 
the request is rejected. Last, any requests which do not match an Allow or a 
Deny directive are denied by default.

So your rule doesn't block anything, because you have an 'allow all'. So either 
change the order to 'Order deny,allow' or remove the 'allow from all' line.

If you really want to block IP addresses so they can't even reach your 
webserver, you should use a firewall.

Joost

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message