
Apache Web Server Forum

    
problems with ip ranges
Shahadah




msg:4620409
 8:09 pm on Oct 31, 2013 (gmt 0)

Hello,

I'm working on my .htaccess file and I'll be honest... I'm not very good at .htaccess

I'm doing a range of multiple addresses
This is what I got so far but I'm getting 500 errors with each change I try to make

I know I'm supposed to be doing this :

order allow,deny
deny from 64.233.160.0-64.233.191.255
deny from 66.102.0.0-66.102.15.255
allow from all

I'm wondering if I've got the correct syntax or 'if' I'm inputting this in the wrong place?

Now this is my .htaccess file as it currently stands.

# BEGIN WPSuperCache
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

AddDefaultCharset UTF-8
RewriteCond %{REQUEST_URI} !^.*[^/]$
RewriteCond %{REQUEST_URI} !^.*//.*$
RewriteCond %{REQUEST_METHOD} !POST
RewriteCond %{QUERY_STRING} !.*=.*
RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
RewriteCond %{HTTP_USER_AGENT} !^.*(2.0\ MMP|240x320|400X240|AvantGo|BlackBerry|Blazer|Cellphone|Danger|DoCoMo|
Elaine/3.0|EudoraWeb|hiptop|IEMobile|KYOCERA/WX310K|LG/U990|MIDP-2.|MMEF20|MOT-V|NetFront|Newt|Nintendo\ Wii|
Nitro|Nokia|Opera\ Mini|Palm|PlayStation\ Portable|portalmmm|Proxinet|ProxiNet|SHARP-TQ-GX10|SHG-i900|Small|SonyEricsson|
Symbian\ OS|SymbianOS|TS21i-10|UP.Browser|UP.Link|webOS|Windows\ CE|WinWAP|iPhone|iPod|Android|BlackBerry9530|
LG-TU915\ Obigo|LGE\ VX|webOS|Nokia5800).* [NC]
RewriteCond %{HTTP_user_agent} !^(w3c\ |w3c-|acs-|alav|alca|amoi|audi|avan|benq|bird|blac|blaz|brew|cell|cldc|
cmd-|dang|doco|eric|hipt|htc_|inno|ipaq|ipod|jigs|kddi|keji|leno|lg-c|lg-d|lg-g|lge-|lg/u|maui|maxo|midp|mits|
mmef|mobi|mot-|moto|mwbp|nec-|newt|noki|palm|pana|pant|phil|play|port|prox|qwap|sage|sams|sany|sch-|sec-|send|
seri|sgh-|shar|sie-|siem|smal|smar|sony|sph-|symb|t-mo|teli|tim-|tosh|tsm-|upg1|upsi|vk-v|voda|wap-|wapa|wapi|
wapp|wapr|webc|winw|winw|xda\ |xda-).* [NC]
RewriteCond %{HTTP:Accept-Encoding} gzip
RewriteCond %{HTTPS} on
RewriteCond %{DOCUMENT_ROOT}/public_html/example.com/wp-content/cache/supercache/%{SERVER_NAME}/$1/index-https.html.gz -f
RewriteRule ^(.*) "/public_html/example.com/wp-content/cache/supercache/%{SERVER_NAME}/$1/index-https.html.gz" [L]

RewriteCond %{REQUEST_URI} !^.*[^/]$
RewriteCond %{REQUEST_URI} !^.*//.*$
RewriteCond %{REQUEST_METHOD} !POST
RewriteCond %{QUERY_STRING} !.*=.*
RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
RewriteCond %{HTTP_USER_AGENT} !^.*(2.0\ MMP|240x320|400X240|AvantGo|BlackBerry|Blazer|Cellphone|Danger|DoCoMo|
Elaine/3.0|EudoraWeb|hiptop|IEMobile|KYOCERA/WX310K|LG/U990|MIDP-2.|MMEF20|MOT-V|NetFront|Newt|Nintendo\ Wii|
Nitro|Nokia|Opera\ Mini|Palm|PlayStation\ Portable|portalmmm|Proxinet|ProxiNet|SHARP-TQ-GX10|SHG-i900|Small|SonyEricsson|
Symbian\ OS|SymbianOS|TS21i-10|UP.Browser|UP.Link|webOS|Windows\ CE|WinWAP|iPod|Android|BlackBerry9530|
LG-TU915\ Obigo|LGE\ VX|webOS|Nokia5800).* [NC]
RewriteCond %{HTTP_user_agent} !^(w3c\ |w3c-|acs-|alav|alca|amoi|audi|avan|benq|bird|blac|blaz|brew|cell|cldc|
cmd-|dang|doco|eric|hipt|htc_|inno|ipaq|ipod|jigs|kddi|keji|leno|lg-c|lg-d|lg-g|lge-|lg/u|maui|maxo|midp|mits|
mmef|mobi|mot-|moto|mwbp|nec-|newt|noki|palm|pana|pant|phil|play|port|prox|qwap|sage|sams|sany|sch-|sec-|send|
seri|sgh-|shar|sie-|siem|smal|smar|sony|sph-|symb|t-mo|teli|tim-|tosh|tsm-|upg1|upsi|vk-v|voda|wap-|wapa|wapi|
wapp|wapr|webc|winw|winw|xda\ |xda-).* [NC]
RewriteCond %{HTTP:Accept-Encoding} gzip
RewriteCond %{HTTPS} !on
RewriteCond %{DOCUMENT_ROOT}/public_html/example.com/wp-content/cache/supercache/%{SERVER_NAME}/$1/index.html.gz -f
RewriteRule ^(.*) "/public_html/example.com/wp-content/cache/supercache/%{SERVER_NAME}/$1/index.html.gz" [L]

RewriteCond %{REQUEST_URI} !^.*[^/]$
RewriteCond %{REQUEST_URI} !^.*//.*$
RewriteCond %{REQUEST_METHOD} !POST
RewriteCond %{QUERY_STRING} !.*=.*
RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
RewriteCond %{HTTP_USER_AGENT} !^.*(2.0\ MMP|240x320|400X240|AvantGo|BlackBerry|Blazer|Cellphone|Danger|DoCoMo|
Elaine/3.0|EudoraWeb|hiptop|IEMobile|KYOCERA/WX310K|LG/U990|MIDP-2.|MMEF20|MOT-V|NetFront|Newt|Nintendo\ Wii|
Nitro|Nokia|Opera\ Mini|Palm|PlayStation\ Portable|portalmmm|Proxinet|ProxiNet|SHARP-TQ-GX10|SHG-i900|Small|SonyEricsson|
Symbian\ OS|SymbianOS|TS21i-10|UP.Browser|UP.Link|webOS|Windows\ CE|WinWAP|iPhone|iPod|Android|BlackBerry9530|
LG-TU915\ Obigo|LGE\ VX|webOS|Nokia5800).* [NC]
RewriteCond %{HTTP_user_agent} !^(w3c\ |w3c-|acs-|alav|alca|amoi|audi|avan|benq|bird|blac|blaz|brew|cell|cldc|
cmd-|dang|doco|eric|hipt|htc_|inno|ipaq|ipod|jigs|kddi|keji|leno|lg-c|lg-d|lg-g|lge-|lg/u|maui|maxo|midp|mits|
mmef|mobi|mot-|moto|mwbp|nec-|newt|noki|palm|pana|pant|phil|play|port|prox|qwap|sage|sams|sany|sch-|sec-|send|
seri|sgh-|shar|sie-|siem|smal|smar|sony|sph-|symb|t-mo|teli|tim-|tosh|tsm-|upg1|upsi|vk-v|voda|wap-|wapa|wapi|
wapp|wapr|webc|winw|winw|xda\ |xda-).* [NC]
RewriteCond %{HTTPS} on
RewriteCond %{DOCUMENT_ROOT}/public_html/example.com/wp-content/cache/supercache/%{SERVER_NAME}/$1/index-https.html -f
RewriteRule ^(.*) "/public_html/example.com/wp-content/cache/supercache/%{SERVER_NAME}/$1/index-https.html" [L]

RewriteCond %{REQUEST_URI} !^.*[^/]$
RewriteCond %{REQUEST_URI} !^.*//.*$
RewriteCond %{REQUEST_METHOD} !POST
RewriteCond %{QUERY_STRING} !.*=.*
RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
RewriteCond %{HTTP_USER_AGENT} !^.*(2.0\ MMP|240x320|400X240|AvantGo|BlackBerry|Blazer|Cellphone|Danger|DoCoMo|
Elaine/3.0|EudoraWeb|hiptop|IEMobile|KYOCERA/WX310K|LG/U990|MIDP-2.|MMEF20|MOT-V|NetFront|Newt|Nintendo\ Wii|
Nitro|Nokia|Opera\ Mini|Palm|PlayStation\ Portable|portalmmm|Proxinet|ProxiNet|SHARP-TQ-GX10|SHG-i900|Small|SonyEricsson|
Symbian\ OS|SymbianOS|TS21i-10|UP.Browser|UP.Link|webOS|Windows\ CE|WinWAP|iPhone|iPod|Android|BlackBerry9530|
LG-TU915\ Obigo|LGE\ VX|webOS|Nokia5800).* [NC]
RewriteCond %{HTTP_user_agent} !^(w3c\ |w3c-|acs-|alav|alca|amoi|audi|avan|benq|bird|blac|blaz|brew|cell|cldc|
cmd-|dang|doco|eric|hipt|htc_|inno|ipaq|ipod|jigs|kddi|keji|leno|lg-c|lg-d|lg-g|lge-|lg/u|maui|maxo|midp|mits|
mmef|mobi|mot-|moto|mwbp|nec-|newt|noki|palm|pana|pant|phil|play|port|prox|qwap|sage|sams|sany|sch-|sec-|send|
seri|sgh-|shar|sie-|siem|smal|smar|sony|sph-|symb|t-mo|teli|tim-|tosh|tsm-|upg1|upsi|vk-v|voda|wap-|wapa|wapi|
wapp|wapr|webc|winw|winw|xda\ |xda-).* [NC]
RewriteCond %{HTTPS} !on
RewriteCond %{DOCUMENT_ROOT}/public_html/example.com/wp-content/cache/supercache/%{SERVER_NAME}/$1/index.html -f
RewriteRule ^(.*) "/public_html/example.com/wp-content/cache/supercache/%{SERVER_NAME}/$1/index.html" [L]
</IfModule>

# END WPSuperCache

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
Order Deny,Allow
deny from 64.233.160.0-64.233.191.255
deny from 66.102.0.0-66.102.15.255
allow from all

[edited by: phranque at 11:34 am (utc) on Nov 1, 2013]
[edit reason] Please Use example.com [webmasterworld.com] [/edit]

 

phranque




msg:4620472
 12:10 am on Nov 1, 2013 (gmt 0)

welcome to WebmasterWorld, Shahadah!


This is what I got so far but I'm getting 500 errors with each change I try to make


what does your server error log say?

phranque




msg:4620473
 12:15 am on Nov 1, 2013 (gmt 0)

i noticed it looks like you are trying to internally rewrite to a quoted file path.
you have to rewrite a document root-relative bare url path

lucy24




msg:4620483
 12:51 am on Nov 1, 2013 (gmt 0)

deny from 64.233.160.0-64.233.191.255
deny from 66.102.0.0-66.102.15.255

Could we please make that

deny from 64.233.160.0/19
deny from 66.102.0.0/20

?

:: phranque, as long as you're here, could you possibly bisect a few lines? ::

RewriteCond %{REQUEST_URI} !^.*[^/]$

Or, in short,

RewriteCond %{REQUEST_URI} /$

![^x]
=
x

No need for a double negative. But really, conditions that involve the {REQUEST_URI} almost always belong in the body of the rule:

RewriteRule ^(([^/]+/)*)$ et cetera
where the outer parentheses are only if you need to capture the request.

Shahadah




msg:4620509
 6:41 am on Nov 1, 2013 (gmt 0)

what does your server error log say?

I contacted the hosting company and after some back and forth emails I'm told that it's an invalid directive in an .htaccess

I had tested the .htaccess in stages and everything works fine when I remove the following

Order Deny,Allow
deny from 64.233.160.0-64.233.191.255
deny from 66.102.0.0-66.102.15.255
allow from all

So I'm at a loss at this point.

lucy24




msg:4620518
 7:56 am on Nov 1, 2013 (gmt 0)

deny from 64.233.160.0-64.233.191.255

What Apache version are you on? I honestly didn't realize you could use this form; I've always done CIDR ranges. But test site (2.2.something) didn't utter a peep. This is unnerving.

Incidentally, the combination of "Order Deny,Allow" with "Allow from all" means that any Deny statements are irrelevant. "Allow from all" is only meaningful if the ordering is Allow,Deny. And vice versa.

What happens if you say only
Order Deny,Allow

and nothing more? If the server explodes again, it may mean that you're not allowed to use access-control directives. (This is utterly calamitous and means you need to change hosts yesterday, so let's hope it is something unrelated.)

Shahadah




msg:4620550
 11:36 am on Nov 1, 2013 (gmt 0)

Apache version 2.2.25

I get no errors when I say only * Order Deny, Allow *

Still...
I'm not understanding the entire discourse about "Allow, Deny" and "Deny,Allow" . (Please understand I kind of learned this from the web not in a school)

lucy24




msg:4620558
 12:19 pm on Nov 1, 2013 (gmt 0)

"Order" means order, as in sequence. Doesn't matter how you arrange your directives; you're telling the server what order to read them in.

Order Deny,Allow = first the server reads and acts on everything in "Deny from". Then it looks at everything in "Allow from". If there's a conflict, or if there's no match either way, the last one prevails: Allow.

Order Allow,Deny = first it looks at the Allows. Then at the Denys. Again, Deny prevails.

The Apache docs give fancy examples. But in practice it's one of two things:

Blacklist:
Order Allow,Deny
Allow from all
Deny from {long list here}

Whitelist:
Order Deny,Allow
Deny from all
Allow from {long list here}

OK, no disaster with "Order Deny,Allow" only. Whew. No space! Putting a space after the comma will create a server error. It won't just prevent the rule from working; it will bring down the whole site. At least in 2.2. (2.4 is phasing out the Allow/Deny/Order system, so it may not care as much.) Your earlier post had no space, so I doubt that was the problem.

Shahadah




msg:4620573
 2:09 pm on Nov 1, 2013 (gmt 0)

ok but I understand now.

But I still have the problem of trying to block large groups of IP ranges.

lucy24




msg:4620670
 9:22 pm on Nov 1, 2013 (gmt 0)

If you want to block certain ranges and allow everyone else, you have to turn it around:

Order Allow,Deny
Allow from all
Deny from ... and then you put the ranges here.

Start with
Order Allow,Deny
Allow from all

and verify that the server doesn't explode. Now add a single line, say

Deny from 23.20.0.0/14

(I don't remember exactly who this is but they're in the AmazonAWS section of my own htaccess, so they should be fine for experimenting.)

lucy24




msg:4620712
 1:07 am on Nov 2, 2013 (gmt 0)

###, missed edit deadline. A further detour to test site's logs confirmed a hunch. The reason forms like
deny from 64.233.160.0-64.233.191.255

don't make the server throw fits is that it simply doesn't recognize it as an IP address. Instead the server goes into "decoding" mode (this is not the correct term, so g1smd or someone like him will have to translate :(). You can see it in logs because they have me as "adsl-pacbell-blahblah" instead of my current IPv4 address. Remove the line and things go back to normal.

keyplyr




msg:4621225
 8:56 am on Nov 5, 2013 (gmt 0)


Shahadah, best to condense your IP ranges to CIDR (as Lucy exemplified.)

Here's a free tool to do so: [kgsoft.com...]
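
An added example (not from any poster in this thread): Python's standard `ipaddress` module performs the range-to-CIDR conversion recommended above, and a small model of the Apache 2.2 `Order` rules described earlier shows why the original `Order Deny,Allow` plus `allow from all` block denies nobody. The function names are hypothetical, and `is_allowed` models IP rules only, not hostnames or environment variables.

```python
import ipaddress

# The two start-end ranges from the original post.
RANGES = ["64.233.160.0-64.233.191.255", "66.102.0.0-66.102.15.255"]

def range_to_cidrs(spec):
    """Turn 'start-end' into the smallest list of CIDR networks covering it."""
    start, end = (ipaddress.ip_address(p.strip()) for p in spec.split("-"))
    return list(ipaddress.summarize_address_range(start, end))

def is_allowed(order, allow, deny, client):
    """Model of Apache 2.2 Order semantics for one client IP.
    allow and deny are lists of networks, or the string 'all'."""
    ip = ipaddress.ip_address(client)
    def hit(rules):
        return rules == "all" or any(ip in net for net in rules)
    if order == "Allow,Deny":
        # Default is deny; a Deny match overrides an Allow match.
        return hit(allow) and not hit(deny)
    if order == "Deny,Allow":
        # Default is allow; an Allow match overrides a Deny match.
        return hit(allow) or not hit(deny)
    raise ValueError("unknown Order: %r" % order)

def blacklist_block(ranges):
    """Emit the blacklist form from the thread with CIDR Deny lines."""
    lines = ["Order Allow,Deny", "Allow from all"]
    for spec in ranges:
        lines += ["Deny from %s" % net for net in range_to_cidrs(spec)]
    return "\n".join(lines)

if __name__ == "__main__":
    deny = [net for spec in RANGES for net in range_to_cidrs(spec)]
    print(blacklist_block(RANGES))
    # Original post: Order Deny,Allow + allow from all -> address still allowed.
    print(is_allowed("Deny,Allow", "all", deny, "64.233.160.5"))
    # Blacklist form: Order Allow,Deny + Allow from all -> address denied.
    print(is_allowed("Allow,Deny", "all", deny, "64.233.160.5"))
```

A range that does not sit on a power-of-two boundary expands to several `Deny from` lines rather than one.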
