httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Guerra <imdavidgue...@gmail.com>
Subject Re: [users@httpd] block directories using Apache22
Date Wed, 12 Jun 2013 16:17:45 GMT
Glad I could help.

Your issue is probably that you don't have htaccess override set to allow.
:)

Kick those bots!


On Wed, Jun 12, 2013 at 12:16 PM, motty cruz <motty.cruz@gmail.com> wrote:

> I am not using virtual host, I'm adding to .htaccess in the root directory
> of web site.
>
> but after adding this to my httpd.conf file it worked perfectly fine.
>
> Thank you very much David for your help,
>
> -Motty
>
>
> On Wed, Jun 12, 2013 at 9:09 AM, David Guerra <imdavidguerra@gmail.com>wrote:
>
>> Yes, it should work just fine.  Are you putting this in the virtual host?
>>
>>
>> On Wed, Jun 12, 2013 at 12:08 PM, motty cruz <motty.cruz@gmail.com>wrote:
>>
>>> Thanks for your help David,
>>>
>>> can this be accomplish in httpd.conf?
>>>
>>> Thanks,
>>>
>>>
>>> On Wed, Jun 12, 2013 at 9:07 AM, motty cruz <motty.cruz@gmail.com>wrote:
>>>
>>>> 192.168.9.43 - - [12/Jun/2013:09:05:23 -0700] "GET /wp-login.php
>>>> HTTP/1.1" 200 1085
>>>>
>>>> I am still able to get access from a different IP than the one allow in
>>>> .htaccess
>>>> as you suggest:
>>>> <Files wp-login.php>
>>>> order deny,allow
>>>> Deny from all
>>>> allow from 192.168.8.4
>>>> </Files>
>>>>
>>>>
>>>>
>>>> On Wed, Jun 12, 2013 at 9:01 AM, David Guerra <imdavidguerra@gmail.com>wrote:
>>>>
>>>>> Try this format:
>>>>>
>>>>> <Files wp-login.php>
>>>>> order deny,allow
>>>>> Deny from all
>>>>> allow from xx.xxx.xx.xx
>>>>> allow from xx.xxx.xx.xx
>>>>> </Files>
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Jun 12, 2013 at 11:52 AM, motty cruz <motty.cruz@gmail.com>wrote:
>>>>>
>>>>>> Hello David,
>>>>>>
>>>>>> this is the content on .htaccess
>>>>>> # BEGIN WordPress
>>>>>> <IfModule mod_rewrite.c>
>>>>>> RewriteEngine On
>>>>>> RewriteCond %{REQUEST_METHOD} POST
>>>>>> RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC]
>>>>>> RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR]
>>>>>> RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$
>>>>>> RewriteRule ^(.*)$ - [R=403,L]
>>>>>> RewriteBase /
>>>>>> RewriteRule ^index\.php$ - [L]
>>>>>> RewriteCond %{REQUEST_FILENAME} !-f
>>>>>> RewriteCond %{REQUEST_FILENAME} !-d
>>>>>> RewriteRule . /index.php [L]
>>>>>> </IfModule>
>>>>>>
>>>>>> <FilesMatch wp-login.php>
>>>>>> Order Deny,Allow
>>>>>> Deny from all
>>>>>> Allow from 192.169.8.4
>>>>>> </FilesMatch>
>>>>>>
>>>>>> # END WordPress
>>>>>>
>>>>>> but no success!
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, Jun 12, 2013 at 8:43 AM, David Guerra <
>>>>>> imdavidguerra@gmail.com> wrote:
>>>>>>
>>>>>>> Flop Allow and Deny so that your IP is whitelisted after the
Deny
>>>>>>> from all.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Wed, Jun 12, 2013 at 11:20 AM, motty cruz <motty.cruz@gmail.com>wrote:
>>>>>>>
>>>>>>>> Hello,
>>>>>>>> I am trying to block a directory from being access except
my IP but
>>>>>>>> I had being unsuccessful in doing so, please help: First
I place this in
>>>>>>>> httpd.conf
>>>>>>>>
>>>>>>>> <Directory "/usr/local/www/apache22/data">
>>>>>>>>     Options Indexes FollowSymLinks
>>>>>>>>     Options ALL -Indexes
>>>>>>>>     IndexIgnore *
>>>>>>>>     AllowOverride None
>>>>>>>>     Order allow,deny
>>>>>>>>     Allow from all
>>>>>>>>     RewriteEngine On
>>>>>>>>     RewriteBase /
>>>>>>>>     RewriteCond %{REQUEST_METHOD} POST
>>>>>>>>     RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com
[NC]
>>>>>>>>     RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$
[OR]
>>>>>>>>     RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$
>>>>>>>>     RewriteRule ^(.*)$ - [R=403,L]
>>>>>>>>     RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
>>>>>>>>     RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E)
[NC,OR]
>>>>>>>>     RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E)
[NC,OR]
>>>>>>>>     RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2})
[OR]
>>>>>>>>     RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
>>>>>>>>     RewriteRule ^(.*)$ index_error.php [F,L]
>>>>>>>>     RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
>>>>>>>>     RewriteRule .* - [F]
>>>>>>>>     RewriteRule ^my-admin$ wp-login.php [L,NC,QSA]
>>>>>>>>     RewriteCond %{REQUEST_FILENAME} !-f
>>>>>>>>     RewriteCond %{REQUEST_FILENAME} !-d
>>>>>>>>     RewriteRule . /index.php [L]
>>>>>>>> </Directory>
>>>>>>>>
>>>>>>>> I also tried this : on the / directory .htaccess
>>>>>>>> <FilesMatch wp-login.php>
>>>>>>>> Order Allow,Deny
>>>>>>>> Allow from 192.168.8.4
>>>>>>>> Deny from all
>>>>>>>> </FilesMatch>
>>>>>>>>
>>>>>>>> Is the wp-admin or wp-login.php script that I'm trying to
protect
>>>>>>>> from brute force attacks,
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Motty
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>

Mime
View raw message