logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in  RSS Apache Lounge  


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.


Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: converting directives in apache 2.4
Author
puertoblack2003



Joined: 31 Jul 2009
Posts: 99

PostPosted: Tue 10 Aug '21 15:41    Post subject: converting directives in apache 2.4 Reply with quote

trying to convert this for htacces

Code:

#deny all russian IP's
Order allow,deny
deny from .ru
Allow from all


not having luck no matter which way, getting error 500
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 6998
Location: Germany, Next to Hamburg

PostPosted: Tue 10 Aug '21 16:49    Post subject: Reply with quote

The normal

Code:

Order allow,deny
Allow from all


becomes

Code:

Require all granted


Your code

Code:

Require not X.Y.Z.S
Require all granted


in your case, I would do it like this[1]

Code:

<AuthzProviderAlias ip reject-ips "XXX.XXX.XXX.XXX YYY.YYY.YYY.YYY">
</AuthzProviderAlias>

<Directory "/path/to/dir">
    <RequireAll>
        Require not reject-ips
        Require all granted
    </RequireAll>
</Directory>


However, there are a lot of Russian IPs. I created a "snippet". [2] The range is roughly 12.6 thousand lines long. I would NOT put that in the Apache config. If you want to lock such large IP ranges I recommend using Cloudflare free version in front of your Apache. Don't do that on your local machine. Maintaining that list is horrible and Apache will take much longer to start and restart. You can do it if you want to.
I did forget to mention that the snippet is only IPv4. The IPv6 list[3] is about 17 thousand lines long.

[1] https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#authzprovideralias
[2] https://apaste.info/W5R7
[3] https://apaste.info/9knP
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 6998
Location: Germany, Next to Hamburg

PostPosted: Tue 10 Aug '21 16:58    Post subject: Reply with quote

The main question why want to block those IPs?
Back to top
puertoblack2003



Joined: 31 Jul 2009
Posts: 99

PostPosted: Wed 11 Aug '21 15:28    Post subject: Reply with quote

James Blond wrote:
The main question why want to block those IPs?


thanks for the info James, mainly for hack attempts to my forum board. all ip traced back to ru.
Back to top
puertoblack2003



Joined: 31 Jul 2009
Posts: 99

PostPosted: Wed 11 Aug '21 15:33    Post subject: Reply with quote

can i just block .ru instead of ip ? I remember a hacking website that provided info to block country. 3 years ago my computer HD crashed and lost all my bookmark.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 6998
Location: Germany, Next to Hamburg

PostPosted: Mon 16 Aug '21 19:19    Post subject: Reply with quote

You "can" block .ru. But that depends on the factor that Apache / your OS needs to resolve the IP to a DNS name that ends in .ru That isn't working well.
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2264
Location: Sun Diego, USA

PostPosted: Mon 16 Aug '21 22:57    Post subject: Reply with quote

mod_maxminddb

Not always perfect, but does the job.
Back to top
puertoblack2003



Joined: 31 Jul 2009
Posts: 99

PostPosted: Tue 17 Aug '21 15:16    Post subject: Reply with quote

thanks guys Smile
Back to top


Reply to topic   Topic: converting directives in apache 2.4 View previous topic :: View next topic
Post new topic   Forum Index -> Apache