tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fredk2 <fre...@gmail.com>
Subject Re: Tomcat and Apache Deny rules
Date Thu, 06 Dec 2007 17:32:16 GMT

Hi,

Any reasons as to why not set the directives in the httpd.conf instead of
.htaccess ?
.htaccess only matters to requests for the directory it is in.

Fred

Aaron Brown-5 wrote:
> 
> I've been trying to block the litefinder malicious bot which scours our
> site
> every day and tries to access pages with the incorrect case, thus causing
> crazy amounts of errors to get thrown.
> 
> We have an Apache 2.2.4 front end using mod_jk to load balance against 9
> Tomcat instances on 6 separate machines.
> 
> I have an .htaccess file that blocks based on user agent along with some
> known ip addresses for the bot.  This works correctly for all static
> content.  That is, when I change my browser's user agent to "litefinder",
> and access the site, I am denied all gif, jpg, css, js, etc files. 
> However,
> all the dynamic content is passed on to Tomcat without honoring the rules
> in
> .htaccess, thus not solving my problem.
> 
> My question is basically, how do I/can I make Apache enforce my deny rules
> even for JkMount'ed data?  If you need more info, I'm happy to provide.
> 
> Thanks!
> Aaron 
> 
> ==========================
> 
> Here is the .htaccess file in my webroot:
> 
> #block litefinder malicious crawler
> SetEnvIfNoCase User-Agent LiteFinder stayout=1
> Order Allow,deny
> Allow from all
> Deny from env=stayout
> Deny from 208.101.44.3
> Deny from 209.160.65.42
> Deny from 209.62.109.178
> Deny from 216.40.220.34
> Deny from 216.40.222.50
> Deny from 216.40.222.66
> Deny from 216.40.222.82
> Deny from 216.40.222.98
> Deny from 67.19.114.226
> Deny from 67.19.250.26
> Deny from 70.85.113.242
> Deny from 74.53.243.226
> Deny from 74.53.243.242
> Deny from 74.53.244.18
> Deny from 74.53.249.34
> Deny from 74.86.209.74
> Deny from 74.86.249.98
> Deny from 75.125.18.178
> Deny from 75.125.47.162
> Deny from 75.125.52.146
> Deny from 84.19.176.208
> Deny from 87.118.118.111
> Deny from 87.118.98.57
> Deny from 87.118.98.62
> 
> Here is the relevant section from my httpd.conf
> 
> <VirtualHost ****:80>
>     DocumentRoot ****
>     ServerName *****
>     JkMount /jkstatus/* status
>     JkMount /* v3lb
>     JkMount /captcha/Captcha.jpg v3lb
>     JkUnMount /member/bzzmap/*.xml v3lb
>     JkUnMount /member/bzzmap/*.swf v3lb
>     JkUnMount /manager/* v3lb
>     JkUnMount /images/* v3lb
>     JkUnMount /awstats/* v3lb
>     JkUnMount /img/* v3lb
>     JkUnMount /js/* v3lb
>     JkUnMount /*.gif v3lb
>     JkUnMount /*.png v3lb
>     JkUnMount /*.pdf v3lb
>     JkMount /captcha/* v3lb
>     JkUnMount /member/campaigns/*.jpg v3lb
>     JkUnMount /*.css v3lb
>     JkUnMount /*.html v3lb
>     JkUnMount /*.mov v3lb
>     JkUnMount /*.wmv v3lb
>     JkUnMount /*.rm v3lb
>     JkUnMount /*.ram v3lb
>     #JkUnMount /*.swf v3lb
>     JkUnMount /*.mpeg v3lb
>     JkUnMount /*.mpg v3lb
>     JkUnMount /*.mp3 v3lb
>     JkUnMount /*.xml v3lb
>     JkMount /dwr v3lb
>     ErrorLog logs/www.error_log
>     CustomLog logs/www.access_log combined
> </VirtualHost>
> 
> 
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Tomcat-and-Apache-Deny-rules-tf4956657.html#a14196976
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message