homepage Welcome to WebmasterWorld Guest from 54.234.2.88
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
Using "deny from" in .htaccess
can countries be denied?
privacyman




msg:1510890
 11:35 am on May 21, 2003 (gmt 0)

In my .htaccess file I do have some IP's listed
under <Limit GET>
for example

order deny,allow
deny from .edu
deny from 123.45.67.89
deny from 23.45.
# above just as example

Where I had read in the apache documentation files
a domain or partial domain is allowed to be used
in the allow or deny, I finally got tired of educational
facilities accessing my site, and have not found any
of them to be of benefit.

Can anyone tell me if my newest entry of
deny from .edu
will work, or not?

Additionally, if a "lookup" is done when a domain
or partial domain is specified (according to the apache
doc that I read).... my guess is that the
deny from .edu
"should work" and "should" match for any and all
educational domains.

If that is true, that a lookup is done for a domain or
partial domain, then I am curious if the following
deny from .ca
would work for blocking all of Canada (or any other
two letter country code). Does anyone know about
this aspect? Could a person have a listing of
deny from .cn
deny from .tw
deny from .hk
or similar listing under their <Limit GET> .... it would
surely cut down on the number of IP numbers to be
listed or the amount of regex to be used for
REMOTE_ADDR entries.

And my final question that I am curious about.
I already know that a complete or partial IP can
be listed for use with allow or deny under <Limit GET>
and regex can be used alike the next
RewriteCond %{REMOTE_ADDR} ^204\.251\.([2-3])\. [OR]

.... but I am puzzled about the other format that apache
docs mention for allow or deny where the IP number
is written in CIDR (? is that correct) format such as
deny from 213.123.128.0/20
..... my puzzled aspect is "what does the /number
represent?.... is that "number of bits" that are or'ed
with the "starting IP number"? Not sure if it would be
"or'ing" or "and'ing" but I remember something about
working with binary numbers from my old CP/M days
and my calculator handles binary, hex, and other
numbers quite nicely. I'm must puzzled about what
the CIDR format means with the /number(s) at the end.

TIA.

 

jdMorgan




msg:1510891
 4:45 pm on May 21, 2003 (gmt 0)

privacyman,

A quick read of this page [httpd.apache.org] should answer all of your technical questions.

Banning by country code is rather arbitrary (IMHO) and doesn't always work. Some people use ISPs in adjacent countries, some use satellite/radio internet, and the really bad guys use open proxies so you can't tell where they come from, really. YMMV.

HTH,
Jim

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved