Also "allow/deny" (or the 2.4 equiv) directives only control whether the server delivers the content, not whether the client can request an item from the server. I.e., the indication of successful blocking will be the response code changing from 200 to 403, but you'll still likely see hits. If you want to block the client from hitting the server you'd probably need to use firewall settings.
With your rewrite attempt, did you include a statement turning the rewrite engine on? ------------ Original Message ------------ > Date: Monday, May 04, 2015 09:36:50 PM -0400 > From: Yehuda Katz <yeh...@ymkatz.net> > > What version of Apache are you using? > Apache 2.4 changed the access control directives unless you > specifically enable the old style: > http://httpd.apache.org/docs/2.4/upgrading.html#access > > Also, make sure you have the correct AllowOverride statements. > > - Y > > On Mon, May 4, 2015 at 7:33 PM, Joshua Smith > <joshuasm...@scbwi.org> wrote: > >> Hi, >> >> I tried both of the following methods to block an ip address, but >> neither worked. In .htaccess, I put: >> >> Order Deny,Allow >> Deny from 123.123.123.123 >> >> and >> >> RewriteCond %{REMOTE_ADDR} ^123.123.123.123 >> RewriteRule .* /maintenance.html [R=503,L] >> >> (I do have the mod_rewrite module installed) >> >> In both cases, I put the rules at the top of the file so that it >> would be the first rules executed. >> >> After each one, i did an apachectl stop, then apachectl start. >> >> In both cases, when i monitored my site with the 'server-status' >> module, the ip address was still there, with sometimes more than >> 30 requests, and all for the same page, which was ..../login.php. >> And it continued to be there for the next 30 minutes until it >> just dropped off, but i was doing nothing to stop it at that >> point. >> >> This method of blocking has worked for me in the past. >> >> Is it possible for someone (ie a hacker…) to bypass my blocking >> method(s)? Or is there something more I need to do? >> >> Thank you, >> Josh >> ------------ End Original Message ------------ --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
