What version of Apache are you using?
Apache 2.4 changed the access control directives unless you specifically
enable the old style: http://httpd.apache.org/docs/2.4/upgrading.html#access
Also, make sure you have the correct AllowOverride statements.
- Y
On Mon, May 4, 2015 at 7:33 PM, Joshua Smith <joshuasm...@scbwi.org> wrote:
> Hi,
>
>
>
> I tried both of the following methods to block an ip address, but neither
> worked. In .htaccess, I put:
>
>
>
> Order Deny,Allow
>
> Deny from 123.123.123.123
>
>
>
> and
>
>
>
> RewriteCond %{REMOTE_ADDR} ^123.123.123.123
>
> RewriteRule .* /maintenance.html [R=503,L]
>
>
>
> (I do have the mod_rewrite module installed)
>
>
>
> In both cases, I put the rules at the top of the file so that it would be
> the first rules executed.
>
>
>
> After each one, i did an apachectl stop, then apachectl start.
>
>
>
> In both cases, when i monitored my site with the 'server-status' module,
> the ip address was still there, with sometimes more than 30 requests, and
> all for the same page, which was ..../login.php. And it continued to be
> there for the next 30 minutes until it just dropped off, but i was doing
> nothing to stop it at that point.
>
>
>
> This method of blocking has worked for me in the past.
>
>
>
> Is it possible for someone (ie a hacker…) to bypass my blocking
> method(s)? Or is there something more I need to do?
>
>
>
> Thank you,
>
> Josh
>
>
>
