homepage Welcome to WebmasterWorld Guest from 54.167.179.48
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
Including list of denied ips | 403 redirects?
When including list of ips to deny, 403 errors don't resolve
cooch17



 
Msg#: 4584727 posted 11:38 pm on Jun 16, 2013 (gmt 0)

Suppose I want to block some ip's from a directory. if I try


<Directory /home/www/directory/of/interest/>
Order allow,deny
allow from all

deny from 1.2.3.4/24
deny from 5.6.7.8/24
etc.

ErrorDocument 403 http://server.root/errors/403.html
</Directory>



Works fine - someone from one of the denied ips tries to hit the subdirectory, then the 403.html page is presented.

But...if I put the ips I want to block into a file (call it ipblock.dat), and then try



<Directory /home/www/directory/of/interest/>
Order allow,deny
allow from all

Include /path/to/ipblock.dat


ErrorDocument 403 http://server.root/errors/403.html
</Directory>


the 403 page isn't presented. Instead, what is seen is some message about too many redirects.

For a bunch of reasons, having the ip blocks I want to deny in a separate external file is practical for my purposes, but I can't really use it if I can't figure out how to get the 403 error page to show correctly.

Suggestions/points to the obvious most welcome.

 

dougwilson



 
Msg#: 4584727 posted 2:34 am on Jun 17, 2013 (gmt 0)

I've had one problem like this, can't remember how long ago, and I'm not sure what your doing with the dat file. That said, you could try something like this

<Files 403.html>
order allow,deny
allow from all
</Files>

In other words make sure any one can access the error page

That's all I've got

lucy24

WebmasterWorld Senior Member lucy24 us a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



 
Msg#: 4584727 posted 3:55 am on Jun 17, 2013 (gmt 0)

But...if I put the ips I want to block into a file (call it ipblock.dat)

What's the exact format of the IP list in the .dat document? Is it a direct cut-and-paste from the version you had in the directory? Nothing added, nothing deleted? Saved as a plain-text file?

Access to the error document shouldn't be a problem unless you goofed and put 403.html into the same directory that you're denying access to. If for some reason it has to live there, then the <Files> envelope is your salvation :)

the 403 page isn't presented. Instead, what is seen is some message about too many redirects.

What do you mean by "some message"? The browser's own too-many-redirects message? Or a server message about internal redirects? They're entirely different things, reflecting entirely different problems.

Never mind what the user sees. What do the logs say? It's your own server, so you should be able to crank up the logging level to a stage where it gives useful information.

If access to the 403 document is the problem, it will show up clearly in error logs.

cooch17



 
Msg#: 4584727 posted 2:17 pm on Jun 17, 2013 (gmt 0)

Further details:

1\ the file ipblock.dat is a simple text file - nothing fancy.

deny from 1.2.3.4/24
deny from 5.6.7.8/24

and so on.


2\ when trying to access the subdirectory, the browser (Chrome - get more or less the same thing from other browsers) reports


This webpage has a redirect loop

The webpage at [server.address...] has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.
Here are some suggestions:

Reload this webpage later.

Learn more about this problem.

Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects.


In the log files, I see "GET /errors/403.html HTTP/1.1"

So, in theory, I should be seeing the 403.html page. But, I'm not.

cooch17



 
Msg#: 4584727 posted 2:40 pm on Jun 17, 2013 (gmt 0)

Solved -- if I block the subdirectory from ip 1.2.3.4, then of course, I also block the errors subdirectory nested within it. I just realized I was pointing to an URL for the 403 page that was in a directory nested in the directory I was blocking. Moving the error directory to somewhere else solved the problem.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved