Msg#: 3537686 posted 2:52 am on Dec 31, 2007 (gmt 0)
My .htaccess file has these lines (among others):
<Limit GET POST> order deny,allow deny from all allow from all </Limit> <Limit PUT DELETE> order deny,allow deny from all </Limit>
I'd like to add the lines below in order to block access from a certain country. Will there be any conflicts with the above lines if I do that?
<Limit GET HEAD POST> order allow,deny deny from 18.104.22.168/19 deny from 22.214.171.124/19 deny from 126.96.36.199/19 deny from 188.8.131.52/19 deny from 184.108.40.206/18 deny from 220.127.116.11/20 deny from 18.104.22.168/21 deny from 22.214.171.124/21 deny from 126.96.36.199/21 deny from 188.8.131.52/22 deny from 184.108.40.206/22 deny from 220.127.116.11/22 deny from 18.104.22.168/22 deny from 22.214.171.124/19 deny from 126.96.36.199/19 deny from 188.8.131.52/20 deny from 184.108.40.206/20 deny from 220.127.116.11/17 deny from 18.104.22.168/19 deny from 22.214.171.124/20 deny from 126.96.36.199/22 deny from 188.8.131.52/22 deny from 184.108.40.206/20 deny from 220.127.116.11/18 deny from 18.104.22.168/22 deny from 22.214.171.124/21 deny from 126.96.36.199/20 deny from 188.8.131.52/20 deny from 184.108.40.206/20 deny from 220.127.116.11/21 deny from 18.104.22.168/20 deny from 22.214.171.124/18 deny from 126.96.36.199/22 deny from 188.8.131.52/22 deny from 184.108.40.206/19 deny from 220.127.116.11/19 deny from 18.104.22.168/20 deny from 22.214.171.124/20 deny from 126.96.36.199/20 deny from 188.8.131.52/20 deny from 184.108.40.206/20 deny from 220.127.116.11/19 deny from 18.104.22.168/19 allow from all </LIMIT>
Msg#: 3537686 posted 7:47 pm on Dec 31, 2007 (gmt 0)
Only one Order directive per .htaccess file -- The last one overrides the previous ones.
Similarly, any conflict between <Limit> containers will result in the last one that applies being used.
There is no need to enclose the Deny from's in a <Limit> container, so I'm not sure why you're doing that. For example, PUTs and DELETEs will be allowed from your listed IP addresses with the code as-posted.
Also, see <LimitExcept>, which may be useful to you.
# Allow all to fetch robots.txt and custom 403 error page SetEnvIf Request_URI "^/(robots\.txt¦my_custom_403_page\.html)$" allow-it # Order Deny,Allow # # Allow all to fetch robots.txt and custom 403 error page <Limit GET> Allow from env=allow-it </Limit> # # Deny all methods except for GET, HEAD, and POST (HEAD is implied by GET -- see documentation) <LimitExcept GET POST> Deny from all </LimitExcept> # # Deny from various country's IP address ranges Deny from 22.214.171.124/19 Deny from 126.96.36.199/19 ... Deny from 188.8.131.52/19 Deny from 184.108.40.206/19
Replace the broken pipe character in the SetEnvIf directive above with a solid pipe character before use; Posting on this forum modifies the pipe characters.
[edited by: jdMorgan at 7:51 pm (utc) on Dec. 31, 2007]