<Limit GET POST>
order allow,deny
allow from all
deny from .servera.badco.com
deny from .badtown.ab.da.uu.net
deny from .nogood.org
deny from 234.56
</Limit>
(Sure would be great if there were an automated .htaccess validator out there somewhere. Is there?)
Many thanks.
1) Maybe your server is configured such that it does not allow reverse-DNS lookups. Reverse-DNS lookups are required for this to work, since the only info the server has is the requesting IP address; it has to send that IP address to the DNS system to get the remote hostname to compare against your deny directives.
Many hosting companies disable reverse-DNS lookups because they can cause server performance problems -- Each incoming request to your server that is processed through your code creates an additional outgoing connection from your server to the DNS system, and your server must wait for that DNS response before it can complete your visitor's HTTP request. This can be very slow, and cause a large number of queued requests to your server.
2) Perhaps the problem is that your code only controls the GET, HEAD, and PUT HTTP methods. Anyone can still use other methods, such as TRACE, MOVE, DELETE, PROPFIND, etc.
Jim
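A small lint for the two points raised in the reply above, as an added example that is not part of the original thread: it flags hostname-based allow/deny entries, which depend on reverse-DNS lookups, and `<Limit>` containers that leave methods uncovered. The function name, finding codes and method list are assumptions of this example.

```python
import re

# Partial IPv4 address, full address, network/netmask or CIDR form.
IP_SPEC = re.compile(r"^\d{1,3}(\.\d{1,3}){0,3}\.?(/\d{1,3}(\.\d{1,3}){3}|/\d{1,2})?$")
# Illustrative method list assumed for this example; not exhaustive.
KNOWN_METHODS = ["GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "PROPFIND"]

def lint_access_rules(text):
    """Return (line_number, code, detail) findings for Apache 2.2-style rules."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # "<Limit " with trailing whitespace, so <LimitExcept> is not matched.
        limit = re.match(r"<Limit\s+([^>]+)>", line, re.IGNORECASE)
        if limit:
            covered = {m.upper() for m in limit.group(1).split()}
            if "GET" in covered:
                covered.add("HEAD")  # Apache applies a GET limit to HEAD as well
            missing = [m for m in KNOWN_METHODS if m not in covered]
            if missing:
                findings.append((number, "uncovered-methods", ",".join(missing)))
            continue
        rule = re.match(r"(allow|deny)\s+from\s+(.+)", line, re.IGNORECASE)
        if rule:
            for spec in rule.group(2).split():
                if spec.lower() == "all" or spec.lower().startswith("env="):
                    continue
                if ":" in spec or IP_SPEC.match(spec):
                    continue  # address rules are matched without a DNS query
                findings.append((number, "needs-reverse-dns", spec))
    return findings

# Constructed input: the block from the first post.
SAMPLE = """<Limit GET POST>
order allow,deny
allow from all
deny from .servera.badco.com
deny from .badtown.ab.da.uu.net
deny from .nogood.org
deny from 234.56
</Limit>"""

if __name__ == "__main__":
    for finding in lint_access_rules(SAMPLE):
        print(finding)
```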
1) Maybe your server is configured such that it does not allow reverse-DNS lookups. Reverse-DNS lookups are required for this to work, since the only info the server has is the requesting IP address; it has to send that IP address to the DNS system to get the remote hostname to compare against your deny directives.
Hmm, I don't think #2 is likely, but this reverse DNS thing may be the cause. Does that mean if I replace the domain name fragments with the corresponding IP address fragments it should work?