IP Blocked in .htaccess but this guy is still getting through

Forum Moderators: phranque

Message Too Old, No Replies

IP Blocked in .htaccess but this guy is still getting through

Help..

Dogza

8:53 pm on Jul 22, 2005 (gmt 0)

We have a problem with someone placing fraudulent orders on our website. I've bocked his IP address in our .htaccess (along with about 50 Nigerian IP's) but somehow he is still able to access our website using the same IP. Any suggestions? Could our .htaccess file be set up wrong? The file is in our Root directory, before someone asks..

jatar_k

9:20 pm on Jul 22, 2005 (gmt 0)

seems that it might not be set up properly, otherwise he wouldn't still be getting through

maybe paste the relevant lines from htaccess here (please replace the specific ip with xx.xx.xx.xx)

defireman

10:54 am on Jul 24, 2005 (gmt 0)

Make sure that your httpd.conf is set to use .htaccess files. Make sure that AllowOverride is enabled in httpd.conf. Find this section in httpd.conf


<Directory "C:/webserver/htdocs">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs-2.0/mod/core.html#options
# for more information.
#
 Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
 AllowOverride None
#
# Controls who can get stuff from this server.
#
 Order allow,deny
 Allow from all
</Directory>

And change the AllowOverride directive from None to .htaccess. That should do the trick.

jdMorgan

2:27 pm on Jul 24, 2005 (gmt 0)

To expand on the previous post, see AllowOverride [httpd.apache.org], and add "Options" plus any others you feel are necessary to do what you need to do after reading their descriptions.

Jim

Dogza

3:49 pm on Jul 26, 2005 (gmt 0)

Thanks for the replies. Here is a copy of my .htaccess:

--------------------------------------------
IndexIgnore .htaccess */.?* *~ *# */HEADER* */README* */_vti*

<Limit GET HEAD POST>
order deny,allow
deny from xx.xx.xx.xx
deny from xx.xx.xx.xx
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>

--------------------------------------------

I'm assuming the "IndexIgnore .htaccess" refers to search engine spiders reading the htaccess file.

I have about 35 IP's blocked, but I just showed 2 above so that you would get the idea.

Thanks for everyones help..