LinuxQuestions.org
Old 01-01-2010, 12:57 AM   #1
Fliggerty
Putting IP blocking in a separate conf file


Hello,

Running Red Hat (not sure of the build atm) and I need to be able to put all of the IP blocking in a separate file. It will eventually be uploaded to a large number of hosting accounts, and modified from time to time...so it isn't feasible to modify that many httpd.conf files each time we need to add an IP to be blocked.

In httpd.conf I can add the "Deny from" line to the following directive and it blocks just fine:
Code:
<Directory "/var/www/html">

#
# Possible values for the Options directive are "None", "All",
# or any combination of:
#   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important.  Please see
# http://httpd.apache.org/docs-2.0/mod/core.html#options
# for more information.
#
    Options FollowSymLinks MultiViews Includes
    AddHandler cgi-script .cgi .pl .py .sh

#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
#   Options FileInfo AuthConfig Limit
#
    AllowOverride All

#
# Controls who can get stuff from this server.
#
    Order allow,deny
    Allow from all
    Deny from 123.456.789.098
</Directory>
There is an include to pick up all *conf files in ../conf.d, and everything else in there is working just fine. I created a file called robots.conf; it currently has a set of mod_rewrite rules which work. So I added this to that file:

Code:
<Directory "/var/www/html">
	Order allow,deny
	Allow from all
	Deny from 123.456.789.098
</Directory>
It is not blocking access from the IP with it in there. I've done all of the usual things; restarted Apache, cleared browser cache etc. I can also block it using that same directive in a local .htaccess.

Any suggestions? TIA!

--Fligg

Last edited by Fliggerty; 01-01-2010 at 12:59 AM.
 
Old 01-01-2010, 08:17 AM   #2
carltm
It sounds like your <Directory "/var/www/html"> definition is appearing
twice, once in the httpd.conf and again in the robots.conf. I'll bet
that apache is ignoring the second one.

Check your logs for error messages after restarting apache. It may
give a clue.
 
Old 01-01-2010, 08:46 AM   #3
bathory
Hi,

What you can do is use .htaccess and the SetEnvIf directive. Put the following in .htaccess in the directory you want to protect:
Code:
Order Allow,Deny
Allow from all
Deny from env=block

SetEnvIf Remote_Addr 123.456.789.098 block
SetEnvIf Remote_Addr 111.222.333.444 block
And you can add more IPs by running:
echo "SetEnvIf Remote_Addr x.x.x.x block" >> /path/to/docroot/.htaccess

BTW carltm is right, you cannot have 2 <Directory "/var/www/html"> definitions.

Regards
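
An added example, not part of the post above: a shell helper that can stand in for the `echo ... >> .htaccess` one-liner. SetEnvIf matches its second argument as a regular expression, so an unescaped, unanchored address also matches other addresses that contain it; the helper validates the address, escapes the dots and anchors the pattern. The function names and the sample address 192.0.2.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names; 192.0.2.10 is a constructed address).
# Usage after sourcing: block_ip /path/to/docroot/.htaccess 192.0.2.10

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac   # no leading zeros
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# setenvif_line ADDR: print the directive with dots escaped and the regex
# anchored, so 1.2.3.4 cannot also match 11.2.3.40 or 112.3.4.5.
setenvif_line() {
    escaped=$(printf '%s' "$1" | sed 's/\./\\./g')
    printf 'SetEnvIf Remote_Addr ^%s$ block\n' "$escaped"
}

# block_ip FILE ADDR: append the directive once.
# Returns 0 = added, 1 = already present, 2 = address rejected.
block_ip() {
    valid_ipv4 "$2" || { echo "rejected: $2" >&2; return 2; }
    line=$(setenvif_line "$2")
    if [ -f "$1" ] && grep -qxF -- "$line" "$1"; then
        return 1
    fi
    printf '%s\n' "$line" >> "$1"
}
```

Rejecting anything that is not a plain dotted quad also keeps stray text (spaces, extra directives) out of a file that Apache parses on every request.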
 
  


All times are GMT -5.
