logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Denying acces to all URL's from "offending" ip or
Author
Birger52



Joined: 26 Jun 2016
Posts: 4
Location: Denmark, Bandholm

PostPosted: Sun 26 Jun '16 18:33    Post subject: Denying acces to all URL's from "offending" ip or Reply with quote

Win7 64bit
Apache 2.4.9

Private for fun, experimenting and learning server, in my own home.
Clean install, only absolutely needed canges made to httpd.conf to make the server function.
Virtual hosts set up and working just fine (even tho the examples and actually setup does use Allow, Deny etc. not the Require, that should be used in 2.4.9 ...)
I can see in logs that many think I use word-press and want acces, and many would like to access my databases.
Was looking for software, that would allow working with logs (splitting into monthly, removing my own working access, etc.) - didn't find any, so created a site, that allow ME to do it via PHP.

Created a file /conf/extra/ban-krim.conf, that is Included in httpd.conf
File containing required directives to block "intruders", can then be edited from my site, taking effect at the next restart of the server. Or so was the idea.
Have tried a number of things.
Set ErrorLevel to Debug to capture errors. But nothing ever reaches apache-error.log ...
Not even the normal series of startup registrations are there - the server just does not start, and ikon remains yellow.
Trying to set it offline (or online - whichever is available - seems to differ, depeding on how the server is stopped/strateted), I get a note in a small window:
Quote:
Could not execute menu item (internal error)
[Exception] Could not perform service action:
Service has not started

(The last line in danish, which wouldn't make much sense here...)

<Location /> is what per documentation should be used to affect all parts of the server.
Require to grant or deny access.
basic thought was like this:
Code:
<Location />
   Require all granted
   <RequireNone>
      Require ip banned.ip
      Require host banned.host
      etc....
   <RequireNone>
</Location>


But no matter what I do, it doesn't do anything, but prevent the server from starting.
I have used <Directory, tried "Require not ip" instead of the <RequireNone block
Even tried using Allow Deny ...
Also Tried moving the hole thing to httpd.conf insted of includng it
But no matter what I do, the server will not start, with my additions - no errors logs, just the message onscreen...

Any help/explanation will be appreciated... [/quote]
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg

PostPosted: Sun 26 Jun '16 18:56    Post subject: Reply with quote

Use this

Code:

<RequireAll>
          Require all granted
          Require not ip 212.105.204.244
       </RequireAll>
Back to top
Birger52



Joined: 26 Jun 2016
Posts: 4
Location: Denmark, Bandholm

PostPosted: Sun 26 Jun '16 23:31    Post subject: Thx Reply with quote

Very Happy
This works with the <Directory directive - not with the <Location

Don't know for sure that it actually denies access for anybody, but at least the server starts...
Would be odd, if it don't, tho. Will test tomorrow...
Back to top
Birger52



Joined: 26 Jun 2016
Posts: 4
Location: Denmark, Bandholm

PostPosted: Thu 30 Jun '16 12:41    Post subject: Sorry for the delay - followup Reply with quote

Fumbled a little around, with this, and could not make i function.
Because I had somwhere else allowing me myself, to do anything.

Anyhow - ended up with a structure like this:

Code:
<Directory "[path to www that contains all sites in subfolders]">
    Options Indexes FollowSymLinks
    AllowOverride none
   <RequireAll>
      Require all granted
      <RequireNone>
         Require ip ....
         Require host ....
         ...
      </RequireNone>
   </RequireAll>
</Directory>


And it gets the job done.

Thx again.
Back to top


Reply to topic   Topic: Denying acces to all URL's from "offending" ip or View previous topic :: View next topic
Post new topic   Forum Index -> Apache