httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From motty cruz <motty.c...@gmail.com>
Subject Re: [users@httpd] block directories using Apache22
Date Wed, 12 Jun 2013 16:22:15 GMT
you're right I did not have htaccess override set to allow, I just fixed it
too;

yeah, them busters are giving me headache lately,

Thanks again!


On Wed, Jun 12, 2013 at 9:17 AM, David Guerra <imdavidguerra@gmail.com>wrote:

> Glad I could help.
>
> Your issue is probably that you don't have htaccess override set to allow.
> :)
>
> Kick those bots!
>
>
> On Wed, Jun 12, 2013 at 12:16 PM, motty cruz <motty.cruz@gmail.com> wrote:
>
>> I am not using virtual host, I'm adding to .htaccess in the root
>> directory of web site.
>>
>> but after adding this to my httpd.conf file it worked perfectly fine.
>>
>> Thank you very much David for your help,
>>
>> -Motty
>>
>>
>> On Wed, Jun 12, 2013 at 9:09 AM, David Guerra <imdavidguerra@gmail.com>wrote:
>>
>>> Yes, it should work just fine.  Are you putting this in the virtual host?
>>>
>>>
>>> On Wed, Jun 12, 2013 at 12:08 PM, motty cruz <motty.cruz@gmail.com>wrote:
>>>
>>>> Thanks for your help David,
>>>>
>>>> can this be accomplish in httpd.conf?
>>>>
>>>> Thanks,
>>>>
>>>>
>>>> On Wed, Jun 12, 2013 at 9:07 AM, motty cruz <motty.cruz@gmail.com>wrote:
>>>>
>>>>> 192.168.9.43 - - [12/Jun/2013:09:05:23 -0700] "GET /wp-login.php
>>>>> HTTP/1.1" 200 1085
>>>>>
>>>>> I am still able to get access from a different IP than the one allow
>>>>> in .htaccess
>>>>> as you suggest:
>>>>> <Files wp-login.php>
>>>>> order deny,allow
>>>>> Deny from all
>>>>> allow from 192.168.8.4
>>>>> </Files>
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Jun 12, 2013 at 9:01 AM, David Guerra <imdavidguerra@gmail.com
>>>>> > wrote:
>>>>>
>>>>>> Try this format:
>>>>>>
>>>>>> <Files wp-login.php>
>>>>>> order deny,allow
>>>>>> Deny from all
>>>>>> allow from xx.xxx.xx.xx
>>>>>> allow from xx.xxx.xx.xx
>>>>>> </Files>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, Jun 12, 2013 at 11:52 AM, motty cruz <motty.cruz@gmail.com>wrote:
>>>>>>
>>>>>>> Hello David,
>>>>>>>
>>>>>>> this is the content on .htaccess
>>>>>>> # BEGIN WordPress
>>>>>>> <IfModule mod_rewrite.c>
>>>>>>> RewriteEngine On
>>>>>>> RewriteCond %{REQUEST_METHOD} POST
>>>>>>> RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC]
>>>>>>> RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR]
>>>>>>> RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$
>>>>>>> RewriteRule ^(.*)$ - [R=403,L]
>>>>>>> RewriteBase /
>>>>>>> RewriteRule ^index\.php$ - [L]
>>>>>>> RewriteCond %{REQUEST_FILENAME} !-f
>>>>>>> RewriteCond %{REQUEST_FILENAME} !-d
>>>>>>> RewriteRule . /index.php [L]
>>>>>>> </IfModule>
>>>>>>>
>>>>>>> <FilesMatch wp-login.php>
>>>>>>> Order Deny,Allow
>>>>>>> Deny from all
>>>>>>> Allow from 192.169.8.4
>>>>>>> </FilesMatch>
>>>>>>>
>>>>>>> # END WordPress
>>>>>>>
>>>>>>> but no success!
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Wed, Jun 12, 2013 at 8:43 AM, David Guerra <
>>>>>>> imdavidguerra@gmail.com> wrote:
>>>>>>>
>>>>>>>> Flop Allow and Deny so that your IP is whitelisted after
the Deny
>>>>>>>> from all.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Wed, Jun 12, 2013 at 11:20 AM, motty cruz <motty.cruz@gmail.com>wrote:
>>>>>>>>
>>>>>>>>> Hello,
>>>>>>>>> I am trying to block a directory from being access except
my IP
>>>>>>>>> but I had being unsuccessful in doing so, please help:
First I place this
>>>>>>>>> in httpd.conf
>>>>>>>>>
>>>>>>>>> <Directory "/usr/local/www/apache22/data">
>>>>>>>>>     Options Indexes FollowSymLinks
>>>>>>>>>     Options ALL -Indexes
>>>>>>>>>     IndexIgnore *
>>>>>>>>>     AllowOverride None
>>>>>>>>>     Order allow,deny
>>>>>>>>>     Allow from all
>>>>>>>>>     RewriteEngine On
>>>>>>>>>     RewriteBase /
>>>>>>>>>     RewriteCond %{REQUEST_METHOD} POST
>>>>>>>>>     RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com
[NC]
>>>>>>>>>     RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$
[OR]
>>>>>>>>>     RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$
>>>>>>>>>     RewriteRule ^(.*)$ - [R=403,L]
>>>>>>>>>     RewriteCond %{QUERY_STRING} base64_encode.*\(.*\)
[OR]
>>>>>>>>>     RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E)
[NC,OR]
>>>>>>>>>     RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E)
[NC,OR]
>>>>>>>>>     RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2})
[OR]
>>>>>>>>>     RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
>>>>>>>>>     RewriteRule ^(.*)$ index_error.php [F,L]
>>>>>>>>>     RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
>>>>>>>>>     RewriteRule .* - [F]
>>>>>>>>>     RewriteRule ^my-admin$ wp-login.php [L,NC,QSA]
>>>>>>>>>     RewriteCond %{REQUEST_FILENAME} !-f
>>>>>>>>>     RewriteCond %{REQUEST_FILENAME} !-d
>>>>>>>>>     RewriteRule . /index.php [L]
>>>>>>>>> </Directory>
>>>>>>>>>
>>>>>>>>> I also tried this : on the / directory .htaccess
>>>>>>>>> <FilesMatch wp-login.php>
>>>>>>>>> Order Allow,Deny
>>>>>>>>> Allow from 192.168.8.4
>>>>>>>>> Deny from all
>>>>>>>>> </FilesMatch>
>>>>>>>>>
>>>>>>>>> Is the wp-admin or wp-login.php script that I'm trying
to protect
>>>>>>>>> from brute force attacks,
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Motty
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>

Mime
View raw message