Re: [users@httpd] Identifying banned networks correctly, but unable to block access

Tue, 12 Oct 2010 16:15:21 -0700 

 On 10/12/10 10:32 AM, Eric Covener wrote:

On Tue, Oct 12, 2010 at 12:42 PM, Philip Prindeville
<philipp_s...@redfish-solutions.com>  wrote:

  I'm trying to use mod_geoip and mod_setenvif to blacklist certain
countries.  The tests seem to work an correctly identify the sources... it's
the mod_authz_host part that's tripping me up.

And the end of my mod_setenvif.conf I have:

LogFormat "is_a_bogon=%{is_a_bogon}e CC=%{GEOIP_COUNTRY_CODE}e" env
CustomLog logs/env_log env env=is_a_bogon

<Directory "/var/www/html">
    Deny from env=is_a_bogon
</Directory>

What's the effective value of "Order" at this point (hopefully 'allow, deny')

Do you have Allow in htaccess or<location>  that might be getting merged in?



It's a pretty stock RPM config:

conf/httpd.conf:

DocumentRoot "/var/www/html"

...

<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

<Directory "/var/www/html">
...
    Order allow,deny
    Allow from all
</Directory>

...
AccessFileName .htaccess

...
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

...
Alias /icons/ "/var/www/icons/"

<Directory "/var/www/icons">
...
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

...
Alias /cgi-bin /var/www/cgi-bin
<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options +ExecCGI
    Order allow,deny
    Allow from all
</Directory>

...
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
#    Allow from .example.com
    Allow from .redfish-solutions.com
    Allow from .localdomain
</Location>

...


then conf.d/mod_setenvif.conf:

...
<Directory "/var/www/html">
    Deny from env=is_a_bogon
</Directory>
...


Not seeing any application Location directives.

The only Files directives are in conf.d/ssl.conf and wouldn't apply here.




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Reply via email to