logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: bulk denials
Author
Doug22



Joined: 02 Jun 2013
Posts: 57
Location: Houston TX

PostPosted: Tue 04 Jun '24 17:50    Post subject: bulk denials Reply with quote

OK, this is strange. I need to deny access in my .htaccess file to a range of IP addresses. So I do this -
deny from 111.11.111/16 .

My system freaks out. What does *seem* to be digestable is

deny from 111.11.111.

Why does that CIDR notation NOT WORK in a .htaccess denial? Will the latter really block all of 111.11.111?
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7374
Location: Germany, Next to Hamburg

PostPosted: Wed 05 Jun '24 12:54    Post subject: Reply with quote

Deny from is no longer supported by Apache.

use

Code:

Require not ip 111.11
Back to top
Doug22



Joined: 02 Jun 2013
Posts: 57
Location: Houston TX

PostPosted: Fri 07 Jun '24 1:25    Post subject: Reply with quote

Not sure where that comes from. Sure isn't the case for my Apache on my Hostgator site. When I put my own IP into a "deny from" in my .htaccess, and I try to go there, I get "Access unavailable". That is, "deny from" seems to work fine for me on my site.
Back to top
Otomatic



Joined: 01 Sep 2011
Posts: 213
Location: Paris, France, EU

PostPosted: Fri 07 Jun '24 8:55    Post subject: Reply with quote

Hi,
Doug22 wrote:
That is, "deny from" seems to work fine for me on my site.

Probably because the "access_compat_module" is loaded.
However, this module is due to disappear. That's why it's preferable - by far - to use the full functionality of "Require".
Back to top
Doug22



Joined: 02 Jun 2013
Posts: 57
Location: Houston TX

PostPosted: Fri 07 Jun '24 14:03    Post subject: Reply with quote

Hmmm. Thanks. access_compat isn't anything I have control of. But I guess it's good to know that I should be migrating to "Require". That all being said, does "Require" understand CIDR, which was my original question?

Actually, while I'm at it, let me say that this change, from Apache 2.2 to Apache 2.4 is kind of a pisser. Does this mean I have to rewrite my .htaccess file for Apache 2.4, and that my Apache 2.2 .htaccess file WON'T WORK with Apache 2.4?
Back to top
Otomatic



Joined: 01 Sep 2011
Posts: 213
Location: Paris, France, EU

PostPosted: Fri 07 Jun '24 14:44    Post subject: Reply with quote

Hi,

Documentation Apache -> Access Control:
Code:
Require host address
Require ip ip.address

In the first form, address is a fully qualified domain name (or a partial domain name); you may provide multiple addresses or domain names, if desired.

In the second form, ip.address is an IP address, a partial IP address, a network/netmask pair, or a network/nnn CIDR specification. Either IPv4 or IPv6 addresses may be used.
When a question arises or a doubt persists, the best answer is always found using the old adage: always RTFM.
https://httpd.apache.org/docs/2.4/en/howto/access.html
Back to top
Doug22



Joined: 02 Jun 2013
Posts: 57
Location: Houston TX

PostPosted: Fri 07 Jun '24 15:29    Post subject: Reply with quote

OK, thanks. I guess that means that "require not" obeys CIDR. "deny from" does not. Interesting. My Hostgator support tells me that "deny from" will ALWAYS work, though they use 2.4.x. So I guess they're in no rush to get rid of "access_compat_module".
Back to top


Reply to topic   Topic: bulk denials View previous topic :: View next topic
Post new topic   Forum Index -> Apache