|
"Deny from" IP address using http.conf (Apache 2) not blocking the IP address
Hi Folks.
I have a goof that keeps passing bogus POST data to a form on one of my web sites about every half hour. I have the IP address. I thought all I needed to do was modify httpd.conf and restart. <Directory "/web"> Options FollowSymLinks Includes AllOverride None Order allow,deny Allow from all Deny from xxx.xxx.0.0/16 Deny from xx.xx.xxx.xxx </Directory> The last "Deny from" is what I added today. I presume that the original xxx.xxx.0.0/16 is working because addresses in that range no longer show up in my log files. However, the one I added today, xx.xx.xxx.xxx isn't being blocked. I tried xx.xx.xxx.xxx/32 as well. I went back through Apache documentation and it looks like what I'm doing is correct. Am I missing something? Thanks in advance for any replies, especially in the next 8 minutes before my half-hourly scheduled visit from this person. :) G.-- |
Try this:
<Directory "/web"> Options FollowSymLinks Includes AllOverride None Order deny,allow Deny from xxx.xxx.0.0/16 Deny from xx.xx.xxx.xxx Allow from all </Directory> |
Hmm. Unfortunately that didn't work (I think "Allow from all" at the end overrides all the "deny" lines, even if the order is deny,allow). Thank you for replying, however.
When I do it the original way I listed it, and use my own IP address, it "works." That is, if I try to request a web page from my server I get the Red Hat Linux Test Apache page and an error gets written to the error-log for the web site. However, when I replace my address with the one of the goon in Russia that keeps POSTing to one of my pages, the lines still appear in the normal access-log, not the error-log, which is what is confusing me (and obviously I can't see what displays on their browser...). No matter. Code:
-A RH-Firewall-1-INPUT -s xx.xx.xxx.xxx -m state --state NEW -m tcp -p tcp --dport 80 -j DROPG.-- |
| All times are GMT -5. The time now is 11:04 AM. |