I use FrontPage to design my site.
Hosting tech support placed an .htaccess file containing the following:
(Obviously changing site names and IP numbers)
# -FrontPage-
IndexIgnore .htaccess */.?* *~ *# */HEADER* */README* */_vti*
<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName mysite.com
AuthUserFile /home/myname/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/myname/public_html/_vti_pvt/service.grp
deny from 000.000.000.000
deny from 000.000.00.000
This is not blocking IPs as abuse continues.
From the research I've done, it seems the file should have the "deny from (IP address)" in the <limit> </Limit> section like the following:
# -FrontPage-
IndexIgnore .htaccess */.?* *~ *# */HEADER* */README* */_vti*
<Limit GET POST>
order deny,allow
deny from 000.000.000.000
deny from 000.000.00.000
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName mysite.com
AuthUserFile /home/myname/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/myname/public_html/_vti_pvt/service.grp
Would this work or what is the way that would work?
Never heard of .htaccess before this happened...but from reading some of these posts and other research it looks like it's time to do some serious updating of my knowledge base. It's not what it was out there a few years back.
Would greatly appreciate any help...as the tech support people don't seem to give a rats....
Thanks mucho
photoart
You might find some answers to the mod_rewrite/FrontPage problem in this earlier thread:
Also, as you surmised, the 'Denys' should go in-line with the Order directive:
# -FrontPage-
#
IndexIgnore .htaccess */.?* *~ *# */HEADER* */README* */_vti*
#
<Limit GET POST>
Order Allow,Deny
Deny from 192.168.0.1
Deny from 10.1.1.2
Allow from all
</Limit>
<Limit PUT DELETE>
Order Deny,Allow
Deny from all
</Limit>
AuthName example.com
AuthUserFile /home/myname/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/myname/public_html/_vti_pvt/service.grp
Jim
I think you have the Order of the <Limit GET POST> mixed up. Quoting from the link you posted:
Allow,Deny
The Allow directives are evaluated before the Deny directives. Access is denied by default. Any client which does not match an Allow directive or does match a Deny directive will be denied access to the server.
So if you state "Allow,Deny" you must place the Allow directive before the Deny directive.
If it is "Deny,Allow" the Denies would go before the Allows.
No. The 'Order' directive has absolutely nothing to do with how you list your allows and denys in your code -- It has to do with their priority -- that is, the order in which those allows and denys are applied.
In all cases, the default state is the last state specified. In other words, "Allow, Deny" denies access by default, unless allowed and not overridden by an explicit deny -- as is the case here.
Jim
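The evaluation rule described in the reply above, as an added example that is not part of the original thread: a small Python model of how Order, Allow and Deny combine inside one <Limit> block. The function names and the 203.0.113.5 visitor address are assumptions, and host matching is simplified to "all", full IP addresses and CIDR ranges.

```python
import ipaddress

def parse(block):
    """Pull Order / Allow from / Deny from out of one <Limit> body."""
    order, allow, deny = "deny,allow", [], []   # Apache's default Order is Deny,Allow
    for line in block.splitlines():
        words = line.split()
        if not words or words[0].startswith(("#", "<")):
            continue
        key = words[0].lower()
        if key == "order":
            if len(words) != 2:                 # "Order Allow, Deny" (with a space) is rejected
                raise ValueError("Order takes one argument, no space after the comma")
            order = words[1].lower()
        elif key in ("allow", "deny") and len(words) > 2 and words[1].lower() == "from":
            (allow if key == "allow" else deny).extend(words[2:])
    return order, allow, deny

def matches(client, specs):
    """Simplified host matching: 'all', a full IP address, or CIDR only."""
    ip = ipaddress.ip_address(client)
    return any(s.lower() == "all" or ip in ipaddress.ip_network(s, strict=False)
               for s in specs)

def is_allowed(block, client):
    """True if the request would be served, False if it would get a 403."""
    order, allow, deny = parse(block)
    allowed, denied = matches(client, allow), matches(client, deny)
    if order == "allow,deny":      # default deny; a matching Deny has the last word
        return allowed and not denied
    if order == "deny,allow":      # default allow; a matching Allow has the last word
        return allowed or not denied
    raise ValueError("unsupported Order: " + order)

# Constructed inputs, using the placeholder addresses from the reply above.
AS_PROPOSED = """order deny,allow
deny from 192.168.0.1
deny from 10.1.1.2
allow from all"""
AS_CORRECTED = AS_PROPOSED.replace("order deny,allow", "Order Allow,Deny")

if __name__ == "__main__":
    for name, block in (("deny,allow", AS_PROPOSED), ("Allow,Deny", AS_CORRECTED)):
        for ip in ("192.168.0.1", "203.0.113.5"):
            print(name, ip, "200" if is_allowed(block, ip) else "403")
```

With "order deny,allow" the trailing "allow from all" overrides the two Deny lines, so the listed addresses are still served; only "Order Allow,Deny" turns them into 403s while everyone else gets through.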
Now to see what happens from the abusing IPs. Was stated may still show up in the logs, but should show access denied in error logs as 403 right?
Would the stats page still show attempts as pageviews?
I think this is where my SERPs ranking have taken a hit. Just don't know.
Thanks again...
photoart
Yes.
> Would the stats page still show attempts as pageviews?
Probably -- most stats programs are fairly dumb about this. They count views of pages -- any pages, including your error pages. You may be able to derive actual pageviews if your site is otherwise 'clean' -- That is, if you have no other types of errors such as 404-Not Found, then you can subtract the 'Errors' count from the 'Pageview' count to get close to actual pageviews.
However, if you have a lot of 404 errors or 301/302 redirects, then that may make things difficult -- It really depends on your stats package.
> I think this is where my SERPs ranking have taken a hit. Just don't know.
It's doubtful that any user-agents fetching your pages would cause any ranking problems, unless these requests are coming at such a rate as to constitute a denial-of-service attack, interfering with your server's ability to serve legitimate requests (such as those from search engine robots.)
I'd be looking elsewhere for ranking-problem causes.
Jim
# -FrontPage-
IndexIgnore .htaccess */.?* *~ *# */HEADER* */README* */_vti*
<Limit GET POST>
order deny,allow
deny from 000.000.000.000
deny from 000.000.00.000
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName example.com
AuthUserFile /home/username/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/username/public_html/_vti_pvt/service.grp
My stats page still showed from the 2 abusive IPs:
one IP - 10,256 pageviews (11/1)
second IP - 6,410 pageviews (11/1)
and the error stats showed:
302 - 31 (which I really don't understand)
403 - 0
401 - 4
This morning some of the requests were logged like this:
[02/Nov/2005:02:30:42 -0800] "GET /pagename.htm HTTP/1.0" 200 44840 "-" "-" 000.000.000.000
[02/Nov/2005:02:31:00 -0800] "GET /pagename.htm HTTP/1.0" 200 33256 "-" "-" 000.000.000.000
[02/Nov/2005:02:30:34 -0800] "HEAD /pagename.htm HTTP/1.1" 200 0 "-" "Link Checker" 000.000.000.000
These logs were from the most abusive IP. Because of the name "Link Checker" (User-agent?), I added (11/1) to my robots.text file like this:
User-agent: LinkChecker
Disallow: /
User-agent: *
Disallow: /_private/
Disallow: /_vti_bin/
Disallow: /_vti_cnf/
Disallow: /_vti_log/
Disallow: /_vti_pvt/
Disallow: /_vti_txt/
Disallow: /directory/
Disallow: /directory/directory/
Disallow: /directory/directory/
Disallow: /directory/directory/
Disallow: /directory/directory/
Disallow: /directory/
Disallow: /_vti_inf.html
Thinking this may help, but I guess not as they were at it again this morning. Something must be happening because this morning I got a couple funny looking emails to me from me with attachments, which I quickly deleted.
Because of no 403 errors logged does this mean none of the measures above are working? Does anyone have any ideas on how could get these guys off my back?
Thanks for any help....
photoart
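One way to check from the access log whether a deny list is taking effect, as an added example that is not part of the original thread: it parses lines in the layout quoted in the post above and reports, for each denied address, how many requests were refused with 403 and how many were still served. The sample lines, the addresses in them and the function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Layout as quoted in the post: [time] "request" status bytes "referer" "agent" ip
LINE = re.compile(
    r'^\[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)" (?P<ip>\S+)$'
)

def status_by_ip(lines):
    """Map each client address to a Counter of the status codes it received."""
    tally = defaultdict(Counter)
    for line in lines:
        m = LINE.match(line.strip())
        if m:                       # lines in any other layout are skipped
            tally[m["ip"]][int(m["status"])] += 1
    return tally

def check_denylist(lines, denied):
    """For each denied address: requests refused (403) vs. requests still served."""
    tally = status_by_ip(lines)
    report = {}
    for ip in denied:
        hits = tally.get(ip, Counter())
        served = sum(n for status, n in hits.items() if status != 403)
        report[ip] = {"blocked": hits[403], "served": served}
    return report

# Constructed sample: 192.168.0.1 is listed but still gets 200s, 10.1.1.2 is refused.
SAMPLE = '''[02/Nov/2005:02:30:34 -0800] "HEAD /pagename.htm HTTP/1.1" 200 0 "-" "Link Checker" 192.168.0.1
[02/Nov/2005:02:30:42 -0800] "GET /pagename.htm HTTP/1.0" 200 44840 "-" "-" 192.168.0.1
[02/Nov/2005:02:31:00 -0800] "GET /pagename.htm HTTP/1.0" 200 33256 "-" "-" 192.168.0.1
[02/Nov/2005:02:31:05 -0800] "GET /pagename.htm HTTP/1.0" 403 210 "-" "-" 10.1.1.2
[02/Nov/2005:02:31:09 -0800] "GET /index.htm HTTP/1.1" 200 5120 "-" "Mozilla/4.0" 203.0.113.5'''.splitlines()

if __name__ == "__main__":
    for ip, counts in check_denylist(SAMPLE, ["192.168.0.1", "10.1.1.2"]).items():
        verdict = "NOT BLOCKED" if counts["served"] else "blocked"
        print(ip, counts, verdict)
```

A denied address with a non-zero "served" count means the Deny line for it is not being applied, whatever the stats package reports as pageviews.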
Order Allow,Deny
Deny from 000.000.000.000
Deny from 000.000.00.000
Allow from all
where deny in first line is default, overwritten by the 2 IPs, so only applies to them, and everyone else is allowed?
Maybe stupid question....
Does upper/lower case make any difference on any of the lines?
Thanks again...
photoart
It might... Sometimes. I suggest you try to use the exact case of directives given in the Apache documentation [httpd.apache.org] without fail. This is your server configuration you're modifying here -- it's important to get it right... ;)
Jim