logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: blocking a range of IP addresses using .htaccess
Author
elsheepo



Joined: 07 Jan 2018
Posts: 2
Location: Japan, Nagaoka

PostPosted: Sun 18 Feb '18 5:45    Post subject: blocking a range of IP addresses using .htaccess Reply with quote

Hello all, thanks for taking a look at this post! So, my web-server is running Apache-2.4.27 and I currently have a working .htaccess file, restricting access to my DocumentRoot from a long list of international IP ranges (for the sake of this post I have reduced it down to one IP range from Cambodia). It is using the Apache-2.2 access control directives as such...
Code:

<Files *>
    order deny,allow
    # Cambodia (KH)
    deny from 114.134.184.0/21
</Files>
<Files .htaccess>
    deny from all
</Files>

This works, but as I am running Apache-2.4.27 I would like my .htaccess to use the new Require directives available as of Apache-2.3, but when I apply these new directives like so...
Code:

<Files *>
    order deny,allow
    # Cambodia (KH)
    Require 114.134.184.0/21 denied
</Files>
<Files .htaccess>
    Require not all
</Files>

and restart Apache, the web-page results in an "Internal Server Error". /var/log/apache2/error.log reports...
Code:

[Sun Feb 18 12:41:12.420006 2018] [core:alert] [pid 31287] [client 192.168.11.20:12384] /var/www/html/.htaccess: Unknown Authz provider: 114.134.184.0/21
[Sun Feb 18 12:41:12.527052 2018] [core:alert] [pid 31288] [client 192.168.11.20:12383] /var/www/html/.htaccess: Unknown Authz provider: 114.134.184.0/21, referer: http://192.168.11.2/

Any help upgrading my .htaccess file to the Apache-2.4 standards would be greatly appreciated!!!
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Sun 18 Feb '18 21:01    Post subject: Reply with quote

We do not use order,allow,deny,satify in 2.4. Yes mod_access_compat allows us to use them, but mixing the old and new typically (always in my case when I tried long ago) causes strange behavior. Not using old style also means one less module needs to be loaded.

In 2.4 the default is <RequireAny> (Satisfy Any in 2.2) but it can be changed with <RequireAll> and <RequireNone> containers.

So:

Code:
<Files *>
    <RequireAll>
    Require all granted
    Require not ip 114.134.184.0/21
    </RequireAll>
</Files>
<Files .htaccess>
    Require all denied
</Files>


see http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require
Back to top
elsheepo



Joined: 07 Jan 2018
Posts: 2
Location: Japan, Nagaoka

PostPosted: Mon 19 Feb '18 15:22    Post subject: Reply with quote

glsmith, that worked Smile Thank you so much!!
Back to top


Reply to topic   Topic: blocking a range of IP addresses using .htaccess View previous topic :: View next topic
Post new topic   Forum Index -> Apache