Blocking IP isn't working

         

Lorel

4:02 pm on Aug 24, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I'm trying to block the IP of someone who keeps stealing new ideas my client comes up with. But the following block isn't working. I did a reverse IP on the ISP and got the whole block, but the scraper had a number slightly larger so I increased the last number to cover it. Could that cause it not to work? Or can you see anything else wrong with the block I set up? (We realize this is an ISP that covers most of a large city in CA (client is in Arkansas), but we're getting desperate to prevent this person from gaining access to my client's website.) We are aware he can get another computer and do it anyway. (I posted a similar message last year, so we've been trying this for quite a while.)

Here is the scraper's IP:
64.203.124.212

#block multiple addresses on same ISP unwiredbroadband.net.
<Files *>
Order Allow,Deny
Allow from all
Deny from 64.203.114
Deny from 64.203.124.219
</Files>

And here is one of the log entries:

64.203.124.212 - - [22/Aug/2010:06:34:57 -0600] "GET / HTTP/1.1" 200 19142 "http://www.google.com/search?client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&channel=s&hl=en&q=garden+bridges&btnG=Google+Search" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 GTB7.1 (.NET CLR 3.5.30729)"

jdMorgan

6:39 pm on Aug 24, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Nothing wrong with that code, as far as it goes...

Are there other "blocks" of Allow/Deny directives in this file? How about additional "Order" statements?

Jim

Lorel

7:29 pm on Aug 24, 2010 (gmt 0)




No, it's the only block. In another post you said to put access code before the others, so I placed it near the top with rewrites below, like this:

ErrorDocument 404 /missing.html
AddHandler server-parsed .html
#
#
#block multiple addresses on same ISP unwiredbroadband.net.
<Files *>
Order Allow,Deny
Allow from all
Deny from 64.203.114
Deny from 64.203.124.219
</Files>
#
Options +Includes
Options +FollowSymLinks
RewriteEngine on

jdMorgan

7:47 pm on Aug 24, 2010 (gmt 0)




> Are there other "blocks" of Allow/Deny directives in this file?

Minding the details saves time...

The unwelcome access you showed from your log file above was from 64.203.124.212. That IP address does not fall into the 'prefix-range' of your first Deny line, nor is it equal to the single address specified in your second Deny line.

So I suspect you'll want to expand your second Deny line to specify a prefix-range such as 64.203.124, a CIDR-range of 64.203.124.0/24, or a Network/Netmask range of 64.203.124.0/255.255.255.0 (all equivalent notations for IP addresses in the range of 64.203.124.0 through 64.203.124.255 inclusive, using the three different range notations supported by mod_access).

Jim

Lorel

9:13 pm on Aug 24, 2010 (gmt 0)




> That IP address does not fall into the 'prefix-range' of your first Deny line,


I must be going blind.

Thanks.

Lorel

2:31 pm on Aug 25, 2010 (gmt 0)




I set up the block so it would cover any IP starting with 64.203 and he's still gaining access.

<Files *>
Order Allow,Deny
Allow from all
Deny from 64.203.0
</Files>

His IP is: 64.203.124.212

I know he can be using a proxy but would that show up as his real IP?

How does a Proxy appear in a log?

Here is the log data -- same as the one above:

64.203.124.212 - - [25/Aug/2010:07:31:55 -0600] "GET / HTTP/1.1" 200 19142 "http://www.google.com/search?client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&channel=s&hl=en&q=garden+bridges&btnG=Google+Search" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 GTB7.1 (.NET CLR 3.5.30729)"

Lori

jdMorgan

5:36 pm on Aug 25, 2010 (gmt 0)




The prefix specified in the Deny must match the prefix of the requesting URL.

64.203.124.212 starts with 64.203.124, not with 64.203.0 so your Deny line is still incorrect.

Proxied requests often appear identical to non-proxied requests in the server logs, because the standard logfile format does not show proxy-related HTTP header values. However, the IP address shown in the log is always the one that the request was received from. If you want to see the X-Forwarded-For IP address, you will have to implement custom logging on the server.

Jim

Lorel

7:53 pm on Aug 25, 2010 (gmt 0)




I saw a previous post of yours that said:


let's say you want to deny from 192.168.0.0 through 192.168.0.255

The documentation states that you may use:

deny from 192.168.0
or
deny from 192.168.0.0/24
or
deny from 192.168.0.0/255.255.255.0

All of which do the same thing.


and that's why I tried deny from 64.203.0

Also I've tried his exact IP: 64.203.124.212

He is probably using a proxy. I'll try to do as you said re custom logging.

Thanks.

Lorel

8:05 pm on Aug 25, 2010 (gmt 0)




Hi Jim,

I called my host and he sent the file I need to change in apache. However, if I change apache so that I can implement custom logging, what are the chances that I can prevent this person from accessing the site?

If this involves adding a new IP every time he uses a different proxy then it seems like it's hardly worth it -- like chasing butterflies with blindfolds on.

jdMorgan

9:07 pm on Aug 25, 2010 (gmt 0)




Re-read my post very carefully, and note which digit varies from 0-255 with the code I specified.

The problem is in this detail, not that the guy is using a proxy or anything else. There's no magic in Apache, just details. Use any one of

Deny from 64.203.124

or

Deny from 64.203.124.0/24

or

Deny from 64.203.124.0/255.255.255.0

and he will be blocked at that IP address and all IP addresses in the surrounding network of 256 addresses. (This latter point will usually prevent him from resetting his modem/router to get a new address assigned by his ISP that you don't block. Typically, the "address pool" size for most ISPs is only 256 addresses.)

However, this (and any other server-side trick) is only temporary. Your real solution is to hire an attorney, and make the intruder's shenanigans cost him his business and his house and his car... File DMCA infringement complaints with his ISP, his host, and all of the major search engines. Server-side code is really only effective against non-specifically-targeted exploits, where the exploiters are simply going after the low-hanging fruits -- the easy pickings sites that have no self-protection at all...

With utmost respect, you're apparently in such a big hurry to block this guy that you're not spending the time to really understand this stuff. And that is causing mistakes and misunderstandings and allowing the guy to continue and is thus unproductive. In order to use Apache modules, you must study the Apache documentation, examples, and on-line tutorials until you truly understand what this stuff means -- copy and paste simply cannot work because all problems are different and most server configurations are different...

Jim
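
The range matching discussed in this thread, as an added example that is not part of any post: a small Python check that takes the client address from a log line and tests it against the Deny lists that were tried, under Order Allow,Deny with "Allow from all". The function names are hypothetical; it assumes a partial address fixes exactly the octets given (as described above) and does not handle hostname or env= specs.

```python
import ipaddress

def spec_to_network(spec):
    """Convert one mod_access address spec to an ip_network (assumed helper)."""
    if spec.lower() == "all":
        return ipaddress.ip_network("0.0.0.0/0")
    if "/" in spec:
        # CIDR (a.b.c.0/24) or network/netmask (a.b.c.0/255.255.255.0)
        return ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")
    if len(octets) > 4 or not all(o.isdigit() for o in octets):
        raise ValueError("hostname specs are not handled here: " + spec)
    # Partial address: the octets given are fixed, only the missing ones vary.
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")

def denied(client_ip, allow, deny):
    """Order Allow,Deny: a request must match an Allow and match no Deny."""
    ip = ipaddress.ip_address(client_ip)
    allowed = any(ip in spec_to_network(s) for s in allow)
    blocked = any(ip in spec_to_network(s) for s in deny)
    return blocked or not allowed

def client_ip_from_log(line):
    """The first field of a common/combined log line is the connecting address."""
    return line.split(" ", 1)[0]

# Log line from the thread, shortened (referrer and user agent dropped).
LOG_LINE = '64.203.124.212 - - [22/Aug/2010:06:34:57 -0600] "GET / HTTP/1.1" 200 19142'

# Deny lists tried in the thread, in order, then the corrected one.
ATTEMPTS = {
    "first": ["64.203.114", "64.203.124.219"],
    "second": ["64.203.0"],
    "corrected": ["64.203.124"],
}

def report():
    """Map each attempt to True if it would have blocked the logged request."""
    ip = client_ip_from_log(LOG_LINE)
    return {name: denied(ip, ["all"], deny) for name, deny in ATTEMPTS.items()}

if __name__ == "__main__":
    for name, result in report().items():
        print(name, "-> blocked" if result else "-> still allowed")
```

Running a new Deny list through a check like this against an address copied from the access log shows whether the rule covers it before the .htaccess file is changed.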