homepage Welcome to WebmasterWorld Guest from 54.205.205.47
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
Blocking Methods
.htaccess syntax
keyplyr




msg:1497715
 8:00 am on Mar 7, 2005 (gmt 0)


I wish to ban a website from pulling my files.

Is there a difference between these two methods? Any preference of the two? Thanks.

SetEnvIf Remote_Host ^###\.##\.###\.##$ ban
<Files *>
Order Deny,Allow
Deny from env=ban
</Files>

RewriteCond %{REMOTE_HOST} ^###\.##\.###\.##$
RewriteRule .* - [F]

 

jdMorgan




msg:1497716
 4:17 pm on Mar 7, 2005 (gmt 0)

You don't actually have to use the SetEnvIf method if you just want to block IP addresses. For example,

<Files *>
Order Deny,Allow
Deny from ^###\.##\.###\.##$

will also work. SetEnvIf is only needed when you wish to Deny based on server variables other than IP address or remote hostname.

As to which is "better," that's largely a matter of preference or necessity; Some servers don't support mod_rewrite, so the only way to block access is with mod_access (or a script). Other subtle differences may also be important in the decision too; In some server configurations, mod_access-denied accesses are logged to the server error log, while mod_rewrite-denied accesses are logged to the server access log.

Jim

Bernie




msg:1497717
 9:28 pm on Mar 11, 2005 (gmt 0)

is there also a way to block entire ip-ranges?

thank you.

jdMorgan




msg:1497718
 9:52 pm on Mar 11, 2005 (gmt 0)

Yes, you can omit trailing octets from the address to be matched, or you can use network/netmask or network/CIDR notation to block ranges.

For example, you could use
Deny from 123.45.67.
to block addresses in the range 123.45.67.0 through 123.45.67.255

Or you could use
Deny from 123.45.67.0/255.255.255.0
Or
Deny from 123.45.67.0/24

See mod_access [httpd.apache.org] and mod_setenvif [httpd.apache.org] for more details.

Jim

Bernie




msg:1497719
 10:04 pm on Mar 11, 2005 (gmt 0)

great thanks, i tried with the * but that was obviously wrong.
:-)

Bernie




msg:1497720
 10:05 pm on Mar 11, 2005 (gmt 0)

oh by the way, wouldn't this also work:

Deny from 202.104.0.0 - 202.104.255.255

kevinpate




msg:1497721
 10:16 pm on Mar 11, 2005 (gmt 0)

you can accomplish your goal, with a somewhat smaller file size, if you simplify it to:

Deny from 202.104.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved