yodaj007
asked on
blocking access
I want to block access from all IP's in the 68.52.0.0 subnetwork. A bunch of people on that part of the network keep trying the Nimda virus on my server, and its just filling up my logs. But when I put:
Order deny,allow
deny from 68.52
Allow from all
under the Directory directive for the server directory, its not working because they aren't trying to access that directory. How can I keep the server from doing anything regarding the 68.52.0.0 subnetwork? I do not know what the subnet mask is.
Thanks
Jason D
Order deny,allow
deny from 68.52
Allow from all
under the Directory directive for the server directory, its not working because they aren't trying to access that directory. How can I keep the server from doing anything regarding the 68.52.0.0 subnetwork? I do not know what the subnet mask is.
Thanks
Jason D
ASKER
Thanks. I've implemented that. When I see that it solves my problem, I'll set your comment to an answer. Thanks again.
Jason D.
Jason D.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Here are the directives from my config file. You've helped me successfully deny everything from the 68.52 domain *that isn't referencing my homepage*. Thats exactly what I wanted. But for some reason I can't block myself from my own homepage as you suggested. I've increased the points to 60 and I'm accepting your answer. If you can tell me how to block access to my homepage, I can't thank you enough. But its not necessary.
Jason D.
<Directory "C:/Program Files/Apache Group/Apache2/htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Order deny,allow
Deny from localhost
Deny from 192.168.1.102
Allow from all
</Directory>
<Location /*>
Order deny,allow
Deny from 68.52
Allow from all
</Location>
Jason D.
<Directory "C:/Program Files/Apache Group/Apache2/htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Order deny,allow
Deny from localhost
Deny from 192.168.1.102
Allow from all
</Directory>
<Location /*>
Order deny,allow
Deny from 68.52
Allow from all
</Location>
Sure. Thanks a lot.
How about using Location or LocationMatch directive.
http://httpd.apache.org//docs/mod/core.html#location
http://httpd.apache.org//docs/mod/core.html#locationmatch
--
<Location /*>
Order deny,allow
deny from 68.52
Allow from all
</Location>
--
However, you might have other directives - Directory, or Files that might allow connection from those IP address.
Check out how sections are merged - http://httpd.apache.org//docs/sections.html
The order of merging is:
1.<Directory> (except regular expressions) and .htaccess done simultaneously (with .htaccess, if allowed, overriding <Directory>)
2.<DirectoryMatch>, and <Directory> with regular expressions
3.<Files> and <FilesMatch> done simultaneously
4.<Location> and <LocationMatch> done simultaneously
So by using Location/LocationMatch, you would be safe.