Unable to use httpd.conf to block certain IPs


Post by flowersrj » Tue Jun 30, 2009 6:20 pm

Hi,

Trying to prevent some IPs from accessing the webserver using the code below in httpd.conf. I know it reads the file because the logfile is created, but it never gets updated. One of the IPs is mine, so I know it's not working.

Thanks for looking,
Rich
------------------------------------------------------------------------------------------------------
Options +FollowSymLinks

RewriteEngine On
RewriteLog /var/log/apache2/rewrite.log
RewriteLogLevel 4

# block some IPs
RewriteCond %{REMOTE_HOST} ^128\.147\.28\.2$ [NC,OR]
RewriteCond %{REMOTE_HOST} ^76\.120\.153\.220$ [NC,OR]
RewriteCond %{REMOTE_HOST} ^192\.168\.1\.105$ [NC,OR]
RewriteCond %{REMOTE_HOST} ^61\.(.*)$ [NC]
RewriteRule ^(.*)$ - [R,L]
flowersrj
 
Posts: 13
Joined: Tue Jun 30, 2009 5:59 pm

Post by richardk » Wed Jul 01, 2009 8:31 am

Where are you putting it in the httpd.conf file?
Do you have <VirtualHost>s?

mod_authz_host is better for IP blocking, try
Code:
Order Allow,Deny
Allow from all
Deny from 128.147.28.2
Deny from 76.120.153.220
Deny from 61
# For testing:
Deny from 192.168.1.105 127.0.0.1
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Post by flowersrj » Wed Jul 01, 2009 8:57 am

richardk,

Actually, that is the entire code from my httpd.conf file.

I am using the virtual host called DEFAULT that is created on a LAMP server install of Ubuntu.

REMOTE_HOST was replaced with REMOTE_ADDR in my file. I have tried both with the same results from 2 of the IPs.

Do you mean mod authz_host? This is already enabled--apparently by default.

Rich
flowersrj
 
Posts: 13
Joined: Tue Jun 30, 2009 5:59 pm

Post by richardk » Fri Jul 03, 2009 8:43 am

Actually, that is the entire code from my httpd.conf file.

Do you have an apache2.conf or similar with the configuration in, then?

I am using the virtual host called DEFAULT that is created on a LAMP server install of Ubuntu.

Have you tried putting the code in the <VirtualHost>?

Do you mean mod authz_host? This is already enabled--apparently by default.

Yes (that's what I linked to). Have you tried the code I provided? You may have to find all occurrences of
Code:
Order allow,deny
Allow from all

and replace them with it.
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Post by flowersrj » Fri Jul 03, 2009 10:59 am

Yes,

I think it is working now but nothing is written to the rewrite log file I defined.

-Rich
flowersrj
 
Posts: 13
Joined: Tue Jun 30, 2009 5:59 pm

Post by richardk » Sat Jul 04, 2009 11:04 am

And you're using the mod_rewrite?
Is the log file defined at the same place as you use the mod_rewrite?
Have you set a RewriteLogLevel (to 9 for debugging)?
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Post by flowersrj » Sun Jul 05, 2009 7:09 am

richardk,

I believe MOD_REWRITE is loaded because when I try some of the test html found on the web I get positive results that it is running.

The log file I have defined by REWRITELOG is created when I restart APACHE but remains at 0 bytes size.

REWRITELOGLEVEL was set at 9 then at 4 and I just reset to 9 as I write this.

ACCESS.LOG in /var/log/apache2/ folder lists all the GET attempts I am trying to stop like those looking to get PHP files from the server.

Rich
flowersrj
 
Posts: 13
Joined: Tue Jun 30, 2009 5:59 pm

Post by richardk » Mon Jul 06, 2009 11:47 am

I believe MOD_REWRITE is loaded because when I try some of the test html found on the web I get positive results that it is running.

Try this mod_rewrite test in the same location as the IP blocking mod_rewrite.
Do you have mod_rewrite anywhere else? (It could be interfering.)

Have you tried
Code:
Order Allow,Deny
Allow from all
Deny from 128.147.28.2
Deny from 76.120.153.220
Deny from 61
# For testing:
Deny from 192.168.1.105 127.0.0.1

yet?
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Post by flowersrj » Tue Jul 07, 2009 6:53 pm

I tried the mod rewrite test by putting code in .htaccess in /var/www and I get:


Not Found

The requested URL /modrewrite was not found on this server.
flowersrj
 
Posts: 13
Joined: Tue Jun 30, 2009 5:59 pm

Post by richardk » Wed Jul 08, 2009 8:28 am

I tried the mod rewrite test by putting code in .htaccess in /var/www

That isn't where you are putting the IP blocking mod_rewrite, though, is it? You need to put it where the IP blocking code will go.

I get:

Not Found

The requested URL /modrewrite was not found on this server.

In your httpd.conf file, find
Code:
<Directory "/var/www">

Add or update the following lines
Code:
AllowOverride All
Options +FollowSymLinks
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am
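
A way to confirm from access.log whether the Deny rules quoted in this thread are taking effect, as an added example that is not part of the original posts. The function names are hypothetical, the log lines are constructed, and the Common Log Format layout is an assumption; a denied client that receives anything other than 403 means the rules are not being applied where the request is served.

```python
import ipaddress
import re

# "Deny from" values quoted in the thread. A partial address such as "61"
# covers every address whose leading octets match (here 61.0.0.0/8).
DENY = ["128.147.28.2", "76.120.153.220", "61", "192.168.1.105", "127.0.0.1"]

# Common Log Format prefix: client ident user [time] "request" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) ')

def to_network(spec):
    """Turn a full or partial dotted IPv4 'Deny from' value into a network."""
    octets = spec.rstrip(".").split(".")
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(f"{'.'.join(padded)}/{8 * len(octets)}")

def is_denied(client, deny=DENY):
    """True if the client address falls inside any of the deny entries."""
    addr = ipaddress.ip_address(client)
    return any(addr in to_network(spec) for spec in deny)

def leaks(log_lines, deny=DENY):
    """Return (client, request, status) for denied clients not answered 403."""
    found = []
    for line in log_lines:
        m = LINE.match(line)
        if not m:
            continue  # not in the assumed log format
        client, request, status = m.group(1), m.group(2), int(m.group(3))
        try:
            denied = is_denied(client, deny)
        except ValueError:
            continue  # client field is a hostname, not an address
        if denied and status != 403:
            found.append((client, request, status))
    return found

# Constructed sample lines (not taken from the poster's server).
SAMPLE = [
    '61.5.6.7 - - [05/Jul/2009:07:01:12 -0400] "GET /admin.php HTTP/1.1" 404 210',
    '161.5.6.7 - - [05/Jul/2009:07:01:15 -0400] "GET / HTTP/1.1" 200 1432',
    '76.120.153.220 - - [05/Jul/2009:07:02:40 -0400] "GET /index.html HTTP/1.1" 403 202',
    '192.168.1.105 - - [05/Jul/2009:07:03:01 -0400] "GET / HTTP/1.1" 200 1432',
]

if __name__ == "__main__":
    for client, request, status in leaks(SAMPLE):
        print(f"not blocked: {client} {status} {request}")
```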
