On 10/12/10 10:32 AM, Eric Covener wrote:
On Tue, Oct 12, 2010 at 12:42 PM, Philip Prindeville
<philipp_s...@redfish-solutions.com> wrote:
I'm trying to use mod_geoip and mod_setenvif to blacklist certain
countries. The tests seem to work an correctly identify the sources... it's
the mod_authz_host part that's tripping me up.
And the end of my mod_setenvif.conf I have:
LogFormat "is_a_bogon=%{is_a_bogon}e CC=%{GEOIP_COUNTRY_CODE}e" env
CustomLog logs/env_log env env=is_a_bogon
<Directory "/var/www/html">
Deny from env=is_a_bogon
</Directory>
What's the effective value of "Order" at this point (hopefully 'allow, deny')
Do you have Allow in htaccess or<location> that might be getting merged in?
It's a pretty stock RPM config:
conf/httpd.conf:
DocumentRoot "/var/www/html"
...
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory "/var/www/html">
...
Order allow,deny
Allow from all
</Directory>
...
AccessFileName .htaccess
...
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
...
Alias /icons/ "/var/www/icons/"
<Directory "/var/www/icons">
...
AllowOverride None
Order allow,deny
Allow from all
</Directory>
...
Alias /cgi-bin /var/www/cgi-bin
<Directory "/var/www/cgi-bin">
AllowOverride None
Options +ExecCGI
Order allow,deny
Allow from all
</Directory>
...
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
# Allow from .example.com
Allow from .redfish-solutions.com
Allow from .localdomain
</Location>
...
then conf.d/mod_setenvif.conf:
...
<Directory "/var/www/html">
Deny from env=is_a_bogon
</Directory>
...
Not seeing any application Location directives.
The only Files directives are in conf.d/ssl.conf and wouldn't apply here.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org