given this...
---------------------------------------------------------------------
apache log:
157.55.39.252 - - [09/Feb/2021:17:04:33 -0700] "GET /product_info.php
HTTP/1.1" 403 199
The above user is from Microsoft Network
CIDR: 157.60.0.0/16, 157.54.0.0/15, 157.56.0.0/14
that does not appear on my list.
So why my configuration is blocking that user?
The apache .htaccess just blocked IP: 159.14.184.11
this is "Organization: The Children's Hospital of philadelphia"
CIDR: 159.14.0.0/16
---------------------------------------------------------------------
using this to calculate the binary and the masks...
echo "obase=2;$ip" | bc
this:
echo "obase=2;157" | bc
echo "obase=2;54" | bc
echo "obase=2;56" | bc
echo "obase=2;60" | bc
converts to this:
157 10011101
60 00111100
54 00110110
56 00111000
157 | 10011101
55 | 00110111
39 | 00100111
252 | 11111100
10011101.00110111.00100111.11111100
and doing the same with your CIDR masks against the input IP
157 60 | 10011101.00111100|.00000000.00000000
10011101.00110111|.00100111.11111100
157 54 | 10011101.0011011|0.00000000.00000000
10011101.0011011|1.00100111.11111100
157 56 | 10011101.001110|00.00000000.00000000
10011101.001101|11.00100111.11111100
157 | 10011101
55 | 00110111
39 | 00100111
252 | 11111100
10011101.00110111.00100111.11111100
shows this is the matching (rejecting) IP and mask
this is the matching subnet:
157 54 | 10011101.0011011|0.00000000.00000000
10011101.0011011|1.00100111.11111100
so, your 157.54.0.0/15 rule is matching (rejecting) 157.55.39.252
HTH,
Travis
On Wed, Feb 10, 2021 at 03:53:35PM -0700, syscon edm wrote:
> I run apache-2.4.46 on linux
>
> In .htaccess file I have a long list of IP-subnets (over 500-subnets)
> that I ban (mostly spammers).
> But I've notices that my .htaccess prevent access to customers from IP
> that are not on the ban list.
>
> In the .htaccess the IP's are listed in numerical order, eg.:
> <Files history.txt>
> Require all denied
> </Files>
>
> <RequireAll>
> Require all granted
>
> # block spammers:
> ...
> Require not ip 152.32.186.0/24
> Require not ip 157.230.0.0/16
> Require not ip 157.7.160.0/22
> Require not ip 158.255.128.0/19
> ...
> </RequireAll>
>
> apache log:
> 157.55.39.252 - - [09/Feb/2021:17:04:33 -0700] "GET /product_info.php
> HTTP/1.1" 403 199
>
> The above user is from Microsoft Network
> CIDR: 157.60.0.0/16, 157.54.0.0/15, 157.56.0.0/14
> that does not appear on my list.
>
> So why my configuration is blocking that user?
>
> The apache .htaccess just blocked IP: 159.14.184.11
> this is "Organization: The Children's Hospital of philadelphia"
> CIDR: 159.14.0.0/16
>
> and that CIDR is not on my list, why apache is locking it?
> Do these IP subnets need to be sorted in order for them to work correctly?
>
> I can post them here if somebody wants to test it, if it is OK. They
> are just subdomains not an individual IP's.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
