Forum Moderators: phranque
<VirtualHost xxx.xx.xxx.xxx:443>
ServerAdmin alert@maildomain
ServerName www.example.com
DocumentRoot /srv/example
<Directory "/">
AllowOverride None
Require all denied
</Directory>
<Directory "/srv/example">
DirectoryIndex index.php
AllowOverride All
Include /etc/apache2/use-setenv.conf
Include /etc/apache2/rewrite.conf
<RequireAll>
Require all granted
Include /etc/apache2/ban-ips-not.conf
</RequireAll>
</Directory>
(etc)
Require not ip 3.0.0.0/8
Require not ip 34.192.0.0/10
Require not ip 54.64.0.0/8
(etc)
Include /etc/apache2/use-setenv.conf
Include /etc/apache2/rewrite.conf
Include /etc/apache2/ban-ips.conf
<RequireAll>
Require all granted
<RequireNone>
Require ip 3.0.0.0/8
Require ip 34.192.0.0/10
Require ip 54.64.0.0/8
(etc)
</RequireNone>
</RequireAll>
I've also tried...This makes it sound as if you mean that the lines simply aren't getting included--which is an entirely different issue from the <RequireNone> vs. Require not option. Have you verified that the rule works if you manually type in the Require lines instead of using Include?
with the include file ban-ips.conf...Did something get left out in editing? Now it sounds as if the file ends up being
<RequireAll>
Require all granted
<RequireAll>
Require all granted
<RequireNone>
Require ip 3.0.0.0/8
Require ip 34.192.0.0/10
Require ip 54.64.0.0/8
(etc)
</RequireNone>
</RequireAll>
</RequireAll>
<RequireAll>
Require all granted
# Include /etc/apache2/ban-ips-not.conf
Require not ip (my ip)
Require not ip 3.0.0.0/8
Require not ip 34.192.0.0/10
Require not ip 54.64.0.0/8
</RequireAll>
<RequireAll>
<RequireNone>
Require all granted
# Include /etc/apache2/ban-ips-not.conf
Require not ip (my ip)
Require not ip 3.0.0.0/8
Require not ip 34.192.0.0/10
Require not ip 54.64.0.0/8
</RequireNone>
</RequireAll>
Omitting Require all granted causes (as expected) a reload error.Heehee, yes, when my server moved to 2.4 earlier this year, it took me a while to figure out that the containing <RequireAll> (or perhaps <RequireAny>, didn't have occasion to try) is obligatory; any <RequireNone> has to go inside that.
<RequireAll>Cut-and-paste error? I'd expect the “Require all granted” to be inside the RequireAll, outside the RequireNone. Same for all those "Require not" lines inside RequireNone--wouldn't they all cancel each other out?
<RequireNone>
Require all granted
<RequireAll>
Require all granted
<RequireNone>
Require env keep_out
Require env bad_range
Require env noagent
Require env bad_agent
[ snip ]
Require ip 195.181.aa.bb
</RequireNone>
</RequireAll>
<RequireAll>
Require all granted
Require not ip aa.bb.cc.dd
</RequireAll>
<VirtualHost xxx.xx.xxx.xxx:443>
ServerAdmin alert@mailserver
ServerName www.example.com
DocumentRoot /srv/example
<Directory "/">
AllowOverride None
Require all denied
</Directory>
<Directory "/srv/example">
DirectoryIndex index.php
AllowOverride All
Include /etc/apache2/use-setenv.conf
Include /etc/apache2/rewrite.conf
<RequireAll>
Require all granted
Require not ip (my ip)
</RequireAll>
</Directory>
(etc...)
</VirtualHost>
Require env dave_is_good
Require env good_uri
Require env robots_txt_uri
<RequireAll>
# allow bad googlebot parms
Require env google_bot
Require env google_bot_ip
Require env old_browser
</RequireAll>
<RequireAll>
# allow duckduck and cliqz
Require env amazon_ips
<RequireAny>
Require env cliqz
Require env duck
</RequireAny>
</RequireAll>
<RequireAll>
Require method GET POST HEAD
<RequireNone>
Require env too_low_proto
Require env bad_proto
Require env noaccept
Require env noaccept_lang
(etc... - all Require env)
<RequireNone>
</RequireAll>
use-setenv.conf (final part):Does the whole thing go inside a <RequireAll> envelope? Or a <RequireAny>? A <RequireNone>? I can't figure out what's going on in the opening lines. And why so many separate <RequireAll> envelopes?
Require env robots_txt_uri
