lucy24 - 8:30 pm on Feb 20, 2012 (gmt 0)
If you have multiple deny statements, all previous deny statements are ignored and only what is in the last deny statement will ever apply.
Still missing something, because that is precisely how my own htaccess is set up, and it definitely Denies from everyone on the list:
Allow from all
Deny from env=keep_out
Deny from 188.8.131.52/17
and so on down to
Deny from 184.108.40.206/15
which is definitely not the only IP to get locked out. I'd have noticed.
First, all Allow directives are evaluated; at least one must match, or the request is rejected. Next, all Deny directives are evaluated. If any matches, the request is rejected. Last, any requests which do not match an Allow or a Deny directive are denied by default.
Emphasis mine. Are we talking about different things?