Joshua:
Thanks for the quick and comprehensive reply. Lemme address everything in
order:
1. Whatcha mean by "the config is inherited"? Did you mean to address my
question about sub-directories? I suspect so, but if not please clarify.
2. The status codes are in fact mostly 403s, but not ALL... some that match my
deny directives, notably ".svservers.com", are still being allowed with 200s.
The 403s that are occurring could also be the result of the http:BL module in
the blog software itself, which checks the IPs of attempted commenters against
the Project Honeypot DNS blacklist and bounces them with a 403 if the IP is a
match (there's a lot of 403s for hostnames not in my little DENY list). At
least that's the only explanation I can imagine for the inconsistency.
My goal here is to nail the spammy GETs; at first I'd considered a <LIMIT GET>
directive, but I couldn't figure out where/how to apply it and so resorted to
this current technique.
Censored log sample:
66.199.244.34/66.199.244.34.svservers.com [13/Sep/2007:09:44:17 -0700] "GET
/blog/pivot/entry.php?id=29 HTTP/1.1" 200 24892 "-" "-"
70.85.237.82/52.ed.5546.static.theplanet.com [13/Sep/2007:10:01:22 -0700] "GET
/blog/pivot/entry.php?id=74 HTTP/1.1" 403 222 "-" "-"
70.85.237.82/52.ed.5546.static.theplanet.com [13/Sep/2007:10:02:02 -0700] "GET
/blog/pivot/entry.php?id=29 HTTP/1.1" 403 222 "-" "-"
70.85.237.82/52.ed.5546.static.theplanet.com [13/Sep/2007:11:08:23 -0700] "GET
/blog/pivot/entry.php?id=40 HTTP/1.1" 403 222 "-" "-"
70.85.237.82/52.ed.5546.static.theplanet.com [13/Sep/2007:11:38:21 -0700] "GET
/blog/pivot/entry.php?id=84 HTTP/1.1" 403 222 "-" "-"
70.85.237.82/52.ed.5546.static.theplanet.com [13/Sep/2007:12:05:24 -0700] "GET
/blog/pivot/entry.php?id=71 HTTP/1.1" 403 222 "-" "-"
70.85.237.82/52.ed.5546.static.theplanet.com [13/Sep/2007:12:51:01 -0700] "GET
/blog/pivot/entry.php?id=23 HTTP/1.1" 403 222 "-" "-"
70.85.237.82/52.ed.5546.static.theplanet.com [13/Sep/2007:13:02:21 -0700] "GET
/blog/pivot/entry.php?id=74 HTTP/1.1" 403 222 "-" "-"
70.85.237.82/52.ed.5546.static.theplanet.com [13/Sep/2007:13:06:17 -0700] "GET
/blog/pivot/entry.php?id=60 HTTP/1.1" 403 222 "-" "-"
66.199.244.34/66.199.244.34.svservers.com [13/Sep/2007:13:10:04 -0700] "GET
/blog/pivot/entry.php?id=63 HTTP/1.1" 200 28255 "-" "-"
70.85.237.82/52.ed.5546.static.theplanet.com [13/Sep/2007:13:13:16 -0700] "GET
/blog/pivot/entry.php?id=29 HTTP/1.1" 403 222 "-" "-"
66.199.244.34/66.199.244.34.svservers.com [13/Sep/2007:13:24:28 -0700] "GET
/blog/pivot/entry.php?id=40 HTTP/1.1" 200 28032 "-" "-"
66.199.244.34/66.199.244.34.svservers.com [13/Sep/2007:14:14:46 -0700] "GET
/blog/pivot/entry.php?id=40 HTTP/1.1" 200 27820 "-" "-"
70.85.237.82/52.ed.5546.static.theplanet.com [13/Sep/2007:14:32:16 -0700] "GET
/blog/pivot/entry.php?id=71 HTTP/1.1" 403 222 "-" "-"
81.195.31.71/ppp31-71.pppoe.mtu-net.ru [13/Sep/2007:14:34:48 -0700] "GET
/blog/pivot/entry.php?id=66 HTTP/1.1" 403 222 "/blog/pivot/"
"Mozilla/5.0+(Windows;+U;+Windows+NT+5.2;+en-US;+rv:1.8.0.3)+Gecko/20060426+Firefox/1.5.0.11"
70.85.237.82/52.ed.5546.static.theplanet.com [13/Sep/2007:15:03:56 -0700] "GET
/blog/pivot/entry.php?id=60 HTTP/1.1" 403 222 "-" "-"
70.85.237.82/52.ed.5546.static.theplanet.com [13/Sep/2007:15:05:58 -0700] "GET
/blog/pivot/entry.php?id=84 HTTP/1.1" 403 222 "-" "-"
70.85.237.82/52.ed.5546.static.theplanet.com [13/Sep/2007:15:10:04 -0700] "GET
/blog/pivot/entry.php?id=23 HTTP/1.1" 403 222 "-" "-"
Each of those hostnames match my DENY list, yet the svservers.com GETs are being
allowed.
3. "c:/www/blog/" is actually the parent for all the blog content.
4. I only have the one config file, and other changes to it have certainly had
effects (not all good).
5. Yep, I did restart Apache. I always make a habit of killing it before I even
edit the config.
6. No other <directory> directives for anything underneath ./blog/.
Could it have anyhing to do with the fact that .svservers.com is the FIRST deny
directive? Did I perhaps not structure the permissions correctly? Someone else
suggested I should have stuck with ORDER ALLOW,DENY and then ALLOW FROM ALL (and
presumably followed by the list of DENY); is that how I should have structured it?
Mark
-------- Original Message --------
Subject: Re: [EMAIL PROTECTED] <directory> and deny directives
From: Joshua Slive <[EMAIL PROTECTED]>
To: users@httpd.apache.org
Date: Thursday, September 13, 2007 07:09:43 PM
On 9/13/07, Mark A. Craig <[EMAIL PROTECTED]> wrote:
There's only one problem: it's not working! The log still shows visits
from these hostnames. What am I missing? Do I need to add "/*" to the
end of the <Directory> directive, or do subdirectories implicitly
inherit the same directives?
The config is inherited.
What status code is being reported for the accesses? If it is 403,
then they are indeed being denied.
Otherwise, show us a few access_log entries that you think should be denied.
Also, check to make sure that the content is really living under
C:/www/blog, that you are editing the right config file, that you are
restarting apache after making config changes, and that you don't have
anything else in your config file applying to that directory or lower.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
