logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: blocking IP addresses like ipchains does in linux
Author
GeneG



Joined: 29 Jan 2020
Posts: 6
Location: USA

PostPosted: Sat 21 Mar '20 4:26    Post subject: blocking IP addresses like ipchains does in linux Reply with quote

In another thread…….

"We do not use order,allow,deny,satify in 2.4. Yes mod_access_compat allows us to use them, but mixing the old and new typically (always in my case when I tried long ago) causes strange behavior. Not using old style also means one less module needs to be loaded.

In 2.4 the default is <RequireAny> (Satisfy Any in 2.2) but it can be changed with <RequireAll> and <RequireNone> containers.

So:

Code:
<Files *>
<RequireAll>
Require all granted
Require not ip 114.134.184.0/21
</RequireAll>
</Files>
<Files .htaccess>
Require all denied
</Files>


see http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require
Back to top

elsheepo



Joined: 07 Jan 2018
Posts: 2
Location: Japan, Nagaoka
Posted: Mon 19 Feb '18 19:22 Post subject:


glsmith, that worked Thank you so much!!"


Where does one put that "Code"?

I have many virtual host "containers" and it would be better if I could put that "Code" in a "global" configuration.

Many thanks in advance for your help in this matter.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7288
Location: Germany, Next to Hamburg

PostPosted: Sun 22 Mar '20 13:45    Post subject: Reply with quote

Better use the fire wall. Once upon a time there was wail2ban
Back to top
GeneG



Joined: 29 Jan 2020
Posts: 6
Location: USA

PostPosted: Mon 23 Mar '20 2:52    Post subject: Reply with quote

"Better use the fire wall. Once upon a time there was wail2ban"

Huh?

Was that an answer?

I can't tell. LOL
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Mon 23 Mar '20 3:36    Post subject: Reply with quote

I couldn't really tell what the question was. It just looked like a quoted part of a previous conversation.

I also do not know much about Linux being the Wintard I am. I've heard of iptables (a software firewall I think) but never ipchains.
Back to top
GeneG



Joined: 29 Jan 2020
Posts: 6
Location: USA

PostPosted: Mon 23 Mar '20 4:14    Post subject: Reply with quote

gl, that was your post I was referring to.

Where do I put that chunk of code that blocks IPs?

In the main conf file?

I'd rather not have to put it in each and every vhost "container".

Thanks in advance.

BTW, ipchains is ancient. I used it in RedHat 6.2 15 years ago. LOL
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7288
Location: Germany, Next to Hamburg

PostPosted: Mon 23 Mar '20 12:01    Post subject: Reply with quote

Just within your directory part of the vhost

Code:

DocumentRoot "/Users/jblond/www/"
<Directory "/Users/jblond/www/">
   Options Indexes FollowSymLinks
   AllowOverride All
   Require all granted
   Require not ip 114.134.184.0/21
</Directory>
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Mon 23 Mar '20 18:27    Post subject: Reply with quote

@JBlond, no, he wants it to be global, like the <Files> to keep prying eyes off .htaccess/htpasswd files.

@GeneG, yes out in the open. Very bottom of httpd.conf works. Just so long as it's not inside any other <Containers>.
Back to top


Reply to topic   Topic: blocking IP addresses like ipchains does in linux View previous topic :: View next topic
Post new topic   Forum Index -> Apache