Forum Moderators: phranque
Here's my current .htaccess, before banning:
######
IndexIgnore .htaccess */.?* *~ *# */HEADER* */README* */_vti*
<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName <snip>
AuthUserFile <snip>
AuthGroupFile <snip>
######
My site is being terrorised by a particular IP address (that is static), and I would like to deny that IP all access to the site.
I have tried adding:
order deny,allow
deny from 123.456.789.012
allow from all
at the top, tried putting it in <limit get></limit> brackets, and in <files *></files> brackets. I have tried changing the order or allow & deny in all various combinations, but never having any success.
In all this testing I have been trying to ban my own IP (which of course I know), as that way I will know if it definitely works. And it definitely doesn't.
If anyone can see what I'm doing wrong or how it may be possible, please let me know!
Thank you very much...
Welcome to WebmasterWorld!
I'd suggest you carefully review the documentation for the Order directive in Apache mod_access [httpd.apache.org], since your order appears to be incorrect. Order has to do with access control precedence, and nothing to do with the order that Allow and Deny directives are listed below it.
Be sure to flush your browser cache (Temporary Internet Files) before testing any change to access control code. Otherwise, your browser will return requested pages from your local cache instead of sending the request to your server. Therefore, your access control code will not execute; It will have no effect on these requests, and will appear to be broken.
Jim
