OK... trying this
<Location />
Order deny,allow
Deny from 221.192.0.0/14
</Location>
Anyone know how to test it??? Or do I just wait??? And... how will I know?
On 7/13/2010 10:40 AM, Tom Evans wrote:
On Tue, Jul 13, 2010 at 3:27 PM, Joseph M. Morgan
<josephmmor...@hotmail.com> wrote:
On 7/13/2010 9:03 AM, Tom Evans wrote:
On Tue, Jul 13, 2010 at 1:13 PM, Joseph M. Morgan
<josephmmor...@hotmail.com> wrote:
This is an Apache 2.2 server running within a VM on CentOS.
Both the authn_basic_module and the authn_host_module are loaded.
I have the following directive:
<Directory "/var/www/html">
Order deny,allow
Deny from 221.192.0.0/14
</Directory>
Yet, today I see in my access logs:
221.192.199.35 - - [12/Jul/2010:15:26:19 -500] -500] "GET
http://www.wantsfly.com/prx2.pho?hash=abbreviated HTTP/1.0" 404 ......
Why didn't Apache block this?
Are there other Deny/Allow blocks in your config that may be
overriding this one? Does this request end up not being resolved to a
on disk file, which would bypass the Directory block?
Cheers
Tom
I have the<Files ~ "^\.ht"> and the directory "/var/www/cgi-bin" as deny
from all but it makes no sense those would allow anything, would they?
The directories "var/www/error" and "var/www/icons" are Allow from all
Are you hinting that I need to add a<Files> with the deny??
<Directory> and<Files> blocks are applied when apache is planning to
serve a file, which can be bypassed if it isn't strictly a file it is
serving.
For instance, proxying never ends up with apache looking at a file on
disk, so with this config:
DocumentRoot /var/empty
<Directory /var/empty>
Order allow,deny
Deny from all
</Directory>
ProxyPass / http://app/
requests would always be allowed - everything goes thru proxy, not the
file system.
If you change from the<Directory> approach to the<Location>
approach, does it then work correctly? IE, map out exclusions in URL
space, not filesystem space.
Cheers
Tom
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See<URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org