htaccess fails after upgrade - Apache Web Server forum at WebmasterWorld - WebmasterWorld

Forum Moderators: phranque

Message Too Old, No Replies

htaccess fails after upgrade

mcneely

10:26 am on May 21, 2010 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

I'm upgrading -- From Apache version - 1.3.33 to Apache version - 2.2.15, and from php4 to php 5

Both my DB's and I are handling the PHP 5 just fine, but I'm having a bit of trouble getting the htaccess to spit out the 403's like it used to do.

I've been looking over this documentation, and I'm not finding what the problem might be with my htaccess writes.

I've got rewrite engine on, and have been writing my denials like this;

RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [NC]
RewriteRule ^.* - [F]

And;

RewriteCond %{HTTP_REFERER} ^http://www.example.com$
RewriteRule !^http://[^/.]\.example.com.* - [F]

And;

<Files 403.shtml>
order allow,deny
allow from all
</Files>

deny from 82.*.*.*
deny from 82.*.*.*

and so on and so forth ..

The only thing I can get to work in my htaccess is my 301 www redirect ..

Everything else puts out 404's instead of 403's ..

I'm thinking that this might be a simple thing that I might have overlooked .. or not?

jdMorgan

1:36 am on May 23, 2010 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

This rule is badly-formed, but since there is no comment describing its purpose, I can't offer anything to help fix it:


RewriteCond %{HTTP_REFERER} ^http://www.example.com$
RewriteRule !^http://[^/.]\.example.com.* - [F]

The problem is that RewriteRule 'sees' only a localized URL-path, and will never see the the "http://www.example.com prepended to that URL-path.

I'd suggest that you use the "Live HTTP Headers" add-on for Firefox and Mozilla browsers to "watch" the 403/404 transactions between your browser and your server, and take a good look at your server error log to get more information on this problem. That's likely to be far more productive than trying to guess at what the problem might be.

Note, however, that considering only the code you posted above, the "Order" is undefined for all files except for 403.shtml. This might result in problems due to differences in the default server config, independent of the upgrade from 1.3.x to 2.x

Oh, and do be sure that the 403.shtml file exists...

Jim

mcneely

4:42 pm on May 24, 2010 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

RewriteCond %{HTTP_REFERER} example\.com
RewriteRule .* - [F]

or

<Files 403.shtml>
order allow,deny
deny from 119.*.*.*
deny from 72.*.*.*
allow from all
</Files>

You think this might work better?

mcneely

4:51 pm on May 24, 2010 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

At any rate, I'll give it the old college try .. I'm quickly finding out that complacency in this business doesn't really go over too well.

I should upgrade more often.

g1smd

4:56 pm on May 24, 2010 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

The "deny from" syntax is not correct.

jdMorgan

5:12 pm on May 24, 2010 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

True, I assumed that the "*" characters were not literals...

Single address syntax
Deny from 192.168.0.1

Ranges (three valid & equivalent formats shown)
Deny from 192.168.0 (IP prefix)
Deny from 192.168.0.0/24 (CIDR notation)
Deny from 192.168.0.0/255.255.255.0 (netmask notation)

Deny from 192.168
Deny from 192.168.0.0/16
Deny from 192.168.0.0/255.255.0.0

Deny from 192
Deny from 192.0.0.0/8
Deny from 192.0.0.0/255.0.0.0

See the Apache mod_access documentation. In fact, see the documentation for each Apache module containing *any and all* of the directives you want to use... :)

Jim

mcneely

5:22 pm on May 24, 2010 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

The "*" are indeed not literal .. there are real numbers between the "."

I only put those in for the sake of the thread is all.

On my old config, the;

<Files 403.shtml>
order allow,deny
allow from all
</Files>

stood separate from all of the denials, i.e.,

deny from
deny from

The deny from's were listed below the files tags and it worked great

This time around, it doesn't appear to. It's been quite a while since 2005 it seems, and even with the documentation, I'm finding it difficult to remember just exactly how I did it before.