Welcome to WebmasterWorld Guest from 3.227.3.146

Forum Moderators: Ocean10000 & phranque

Message Too Old, No Replies

htaccess block results

     
11:28 am on May 22, 2012 (gmt 0)

Junior Member

5+ Year Member

joined:Feb 28, 2012
posts: 54
votes: 0


Why do .htaccess IP blocks result in groups of four 403's ?

ie:
-a specific IP is listed as a Deny from rule in .htaccess
-said IP attempts to hit a file
-a 403 is served resulting in a 403 listing in stats logs
PLUS
-403's served to three hits on the web site root

Is this a feature of Apache or is this a result of the attacker's software attempting to load the root after failing to load the specified file?

Thank you.

eg:

4) 403 GET 218.93.127.* Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;) / 5/22/12
3) 403 GET 218.93.127.* Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;) / 5/22/12
2) 403 GET 218.93.127.* Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;) / 5/22/12
1) 403 GET 218.93.127.* Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;) /dir/file 5/22/12
2:20 pm on May 22, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2001
posts:5507
votes: 5


Seedy,
I'm not sure why you persist upon posing these inquires in the Apache forum, as I've explained to you previously, there are far more participants in the SSID forum that could more readily assist you.

"A best guess", based upon the vague references you've provide (raw logs would be more precise, as opposed to something either you've constructed or retrieved from a stats software)?

The additional 403's are likely for images and/or supporting files.
Possibly even a loop caused by a Rewrite or Redirect.
2:51 pm on May 22, 2012 (gmt 0)

Junior Member

5+ Year Member

joined:Feb 28, 2012
posts: 54
votes: 0


Seedy,
I'm not sure why you persist upon posing these inquires in the Apache forum, as I've explained to you previously, there are far more participants in the SSID forum that could more readily assist you.

"A best guess", based upon the vague references you've provide (raw logs would be more precise, as opposed to something either you've constructed or retrieved from a stats software)?

The additional 403's are likely for images and/or supporting files.
Possibly even a loop caused by a Rewrite or Redirect.


Wilderness,
The title of this section of the site is, as I'm sure you're well aware: "Apache Web Server" with a sub heading of ".htaccess, mod_rewrite, and other Apache specific topics."

The title of the section to which you refer is, as I'm sure you also well aware: "Search Engine Spider and User Agent Identification".

My questions relates to .htaccess and possibly Apache, not SSI's, or U-A's. Therefore, why would anyone wanting questions answered on .htaccess and/or Apache post in a section clearly intended for questions on SSI's and/or U-A's when there is a section clearly labelled for those specific topics. Perhaps these need to be changed?

Here's an idea; you could always simply ignore my questions and let someone else reply rather than allowing them to frustrate to you. However, since my posts are clearly not to your liking for some reason know only to yourself, I'll not bother you any more.

Thank you for your reply all the same.
3:12 pm on May 22, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2001
posts:5507
votes: 5


My questions relates to .htaccess and possibly Apache, not SSI's, or U-A's. Therefore, why would anyone wanting questions answered on .htaccess and/or Apache post in a section clearly intended for questions on SSI's and/or U-A's when there is a section clearly labelled for those specific topics. Perhaps these need to be changed?


As I previously explained to you:
The folks in that forum have been using these methods for more than a decade (and before this forum existed) and have an experience of insight that others simply don't have.

frustrated?


You have not provided any Apache or htaccess syntax and yet I was so frustrated that I was able to provide an accurate answer ;)

Glad to help.
3:49 pm on May 22, 2012 (gmt 0)

Senior Member

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:July 3, 2002
posts:18903
votes: 0


The answer depends on the timing. If all requests are in the same second, maybe you have a code error on your site which made the the bot make multiple requests or maybe the bot makes multiple requests anyway. A post in the SSID forum would likely find someone familiar with that UA and IP and could shed more light on it. If the requests are some seconds apart, it's more likely the bot responds to your status code for the inner page simply by requesting some other URLs.