| Author |
|
GeneG
Joined: 29 Jan 2020
Posts: 6
Location: USA
|
 Posted: Sat 21 Mar '20 4:26 Post subject: blocking IP addresses like ipchains does in linux |
 |
|
In another thread…….
"We do not use order,allow,deny,satify in 2.4. Yes mod_access_compat allows us to use them, but mixing the old and new typically (always in my case when I tried long ago) causes strange behavior. Not using old style also means one less module needs to be loaded.
In 2.4 the default is <RequireAny> (Satisfy Any in 2.2) but it can be changed with <RequireAll> and <RequireNone> containers.
So:
Code:
<Files *>
<RequireAll>
Require all granted
Require not ip 114.134.184.0/21
</RequireAll>
</Files>
<Files .htaccess>
Require all denied
</Files>
see http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require
Back to top
elsheepo
Joined: 07 Jan 2018
Posts: 2
Location: Japan, Nagaoka
Posted: Mon 19 Feb '18 19:22 Post subject:
glsmith, that worked Thank you so much!!"
Where does one put that "Code"?
I have many virtual host "containers" and it would be better if I could put that "Code" in a "global" configuration.
Many thanks in advance for your help in this matter. |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Sun 22 Mar '20 13:45 Post subject: |
|
|
| Better use the fire wall. Once upon a time there was wail2ban |
|
| Back to top |
|
GeneG
Joined: 29 Jan 2020
Posts: 6
Location: USA
|
| Posted: Mon 23 Mar '20 2:52 Post subject: |
|
|
"Better use the fire wall. Once upon a time there was wail2ban"
Huh?
Was that an answer?
I can't tell. LOL |
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Mon 23 Mar '20 3:36 Post subject: |
|
|
I couldn't really tell what the question was. It just looked like a quoted part of a previous conversation.
I also do not know much about Linux being the Wintard I am. I've heard of iptables (a software firewall I think) but never ipchains. |
|
| Back to top |
|
GeneG
Joined: 29 Jan 2020
Posts: 6
Location: USA
|
| Posted: Mon 23 Mar '20 4:14 Post subject: |
|
|
gl, that was your post I was referring to.
Where do I put that chunk of code that blocks IPs?
In the main conf file?
I'd rather not have to put it in each and every vhost "container".
Thanks in advance.
BTW, ipchains is ancient. I used it in RedHat 6.2 15 years ago. LOL |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Mon 23 Mar '20 12:01 Post subject: |
|
|
Just within your directory part of the vhost
| Code: |
DocumentRoot "/Users/jblond/www/"
<Directory "/Users/jblond/www/">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
Require not ip 114.134.184.0/21
</Directory>
|
|
|
| Back to top |
|
glsmith
Moderator
Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA
|
| Posted: Mon 23 Mar '20 18:27 Post subject: |
|
|
@JBlond, no, he wants it to be global, like the <Files> to keep prying eyes off .htaccess/htpasswd files.
@GeneG, yes out in the open. Very bottom of httpd.conf works. Just so long as it's not inside any other <Containers>. |
|
| Back to top |
|
