Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Denying acces to all URL's from "offending" ip or |
|
| Author |
|
Birger52
Joined: 26 Jun 2016
Posts: 4
Location: Denmark, Bandholm
|
 Posted: Sun 26 Jun '16 18:33 Post subject: Denying acces to all URL's from "offending" ip or |
 |
|
Win7 64bit
Apache 2.4.9
Private for fun, experimenting and learning server, in my own home.
Clean install, only absolutely needed canges made to httpd.conf to make the server function.
Virtual hosts set up and working just fine (even tho the examples and actually setup does use Allow, Deny etc. not the Require, that should be used in 2.4.9 ...)
I can see in logs that many think I use word-press and want acces, and many would like to access my databases.
Was looking for software, that would allow working with logs (splitting into monthly, removing my own working access, etc.) - didn't find any, so created a site, that allow ME to do it via PHP.
Created a file /conf/extra/ban-krim.conf, that is Included in httpd.conf
File containing required directives to block "intruders", can then be edited from my site, taking effect at the next restart of the server. Or so was the idea.
Have tried a number of things.
Set ErrorLevel to Debug to capture errors. But nothing ever reaches apache-error.log ...
Not even the normal series of startup registrations are there - the server just does not start, and ikon remains yellow.
Trying to set it offline (or online - whichever is available - seems to differ, depeding on how the server is stopped/strateted), I get a note in a small window:
| Quote: | Could not execute menu item (internal error)
[Exception] Could not perform service action:
Service has not started |
(The last line in danish, which wouldn't make much sense here...)
<Location /> is what per documentation should be used to affect all parts of the server.
Require to grant or deny access.
basic thought was like this:
| Code: | <Location />
Require all granted
<RequireNone>
Require ip banned.ip
Require host banned.host
etc....
<RequireNone>
</Location> |
But no matter what I do, it doesn't do anything, but prevent the server from starting.
I have used <Directory, tried "Require not ip" instead of the <RequireNone block
Even tried using Allow Deny ...
Also Tried moving the hole thing to httpd.conf insted of includng it
But no matter what I do, the server will not start, with my additions - no errors logs, just the message onscreen...
Any help/explanation will be appreciated... [/quote] |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7355
Location: Germany, Next to Hamburg
|
| Posted: Sun 26 Jun '16 18:56 Post subject: |
|
|
Use this
| Code: |
<RequireAll>
Require all granted
Require not ip 212.105.204.244
</RequireAll>
|
|
|
| Back to top |
|
Birger52
Joined: 26 Jun 2016
Posts: 4
Location: Denmark, Bandholm
|
| Posted: Sun 26 Jun '16 23:31 Post subject: Thx |
|
|
This works with the <Directory directive - not with the <Location
Don't know for sure that it actually denies access for anybody, but at least the server starts...
Would be odd, if it don't, tho. Will test tomorrow... |
|
| Back to top |
|
Birger52
Joined: 26 Jun 2016
Posts: 4
Location: Denmark, Bandholm
|
| Posted: Thu 30 Jun '16 12:41 Post subject: Sorry for the delay - followup |
|
|
Fumbled a little around, with this, and could not make i function.
Because I had somwhere else allowing me myself, to do anything.
Anyhow - ended up with a structure like this:
| Code: | <Directory "[path to www that contains all sites in subfolders]">
Options Indexes FollowSymLinks
AllowOverride none
<RequireAll>
Require all granted
<RequireNone>
Require ip ....
Require host ....
...
</RequireNone>
</RequireAll>
</Directory> |
And it gets the job done.
Thx again. |
|
| Back to top |
|
|
|
|
|
|
