Welcome to the most active Linux Forum on the web.
Go Back > Forums > Linux Forums > Linux - Server
User Name
Linux - Server This forum is for the discussion of Linux Software used in a server related context.


  Search this Thread
Old 01-01-2010, 12:57 AM   #1
LQ Newbie
Registered: Dec 2009
Posts: 6

Rep: Reputation: 0
Putting IP blocking in a separate conf file


Running Red Hat (not sure of the build atm) and I need to be able to put all of the IP blocking in a separate file. It will eventually be uploaded to a large number of hosting accounts, and modified from time to it isn't feasible to modify that many httpd.conf files each time we need to add an IP to be blocked.

In httpd.conf I can add the "Deny from" line to the following directive and blocks it just fine:
<Directory "/var/www/html">

# Possible values for the Options directive are "None", "All",
# or any combination of:
#   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
# The Options directive is both complicated and important.  Please see
# for more information.
    Options FollowSymLinks MultiViews Includes
    AddHandler cgi-script .cgi .pl .py .sh

# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
#   Options FileInfo AuthConfig Limit
    AllowOverride All

# Controls who can get stuff from this server.
    Order allow,deny
    Allow from all
    Deny from 123.456.789.098
There is an include to pick up all *conf files in ../conf.d, and everything else in there is working just fine. I created a file called robots.conf; it currently has a set of mod_rewrite rules which work. So I added this to that file:

<Directory "/var/www/html">
	Order allow,deny
	Allow from all
	Deny from 123.456.789.098
It is not blocking access from the IP with it in there. I've done all of the usual things; restarted Apache, cleared browser cache etc. I can also block it using that same directive in a local .htaccess.

Any suggestions? TIA!


Last edited by Fliggerty; 01-01-2010 at 12:59 AM.
Old 01-01-2010, 08:17 AM   #2
Registered: Jan 2007
Location: Canton, MI
Distribution: CentOS, SuSE, Red Hat, Debian, etc.
Posts: 703

Rep: Reputation: 97
It sounds like your <Directory "/var/www/html"> definition is appearing
twice, once in the httpd.conf and again in the robots.conf. I'll bet
that apache is ignoring the second one.

Check your logs for error messages after restarting apache. It may
give a clue.
Old 01-01-2010, 08:46 AM   #3
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,843

Rep: Reputation: 1596Reputation: 1596Reputation: 1596Reputation: 1596Reputation: 1596Reputation: 1596Reputation: 1596Reputation: 1596Reputation: 1596Reputation: 1596Reputation: 1596

What you can do, is to use .htaccess and the SetEvnIf directive. Put the following in .htaccess in the directory you want to protect:
Order Allow,Deny
Allow from all
Deny from env=block

SetEnvIf Remote_Addr 123.456.789.098 block
SetEnvIf Remote_Addr 111.222.333.444 block
And you can add more ips, running:
echo "SetEnvIf Remote_Addr x.x.x.x block" >> /path/to/docroot/.htaccess

BTW carltm is right, you cannot have 2 <Directory "/var/www/html"> definitions.



apache, block, ip

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
locate grub.conf on a separate /boot partition to edit in an additional kernel ktek Linux - Newbie 6 10-03-2008 08:21 PM
trouble setting up separate desktops with xorg.conf and ATI X1300 Video Card robthom Linux - Hardware 2 05-24-2008 04:09 PM
Purpose of putting /usr on separate partition fitzov Debian 10 05-11-2007 12:43 PM
SUSE 9.1: named.conf works, but including separate conf files doesn't??? registering Linux - Distributions 0 06-09-2004 04:03 PM
Blocking IP Address ranges in dhcpd.conf pmcdaid Linux - Networking 4 06-09-2004 09:18 AM > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 03:15 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration