Where is the right place to place the Deny From in the htaccess - Apache Web Server forum at WebmasterWorld - WebmasterWorld

Forum Moderators: phranque

Message Too Old, No Replies

Where is the right place to place the Deny From in the htaccess

James46

2:35 am on Apr 30, 2004 (gmt 0)

10+ Year Member

Where I have the (deny from) in the htaccess don't seem to be working.
I'm getting hit 3 to 5 times a day with some joker from the ip range 139.55
This is whats in the log file each time this happens.

[29/Apr/2004:21:13:15 -0400] "SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\
x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\
xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\
x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\
xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1

This is only part of it,there's lots more on that one.
I thought I read on here some where that this code was a virus.
I did a Whois lookup on the ip and it's from Lincoln Telephone Company.
I try'ed the deny from 139.55. and it still don't work. So what I'm asking is, just where in the htaccess file do you place the deny from at.

<Files .htaccess>
order allow,deny
deny from all
</Files>
order allow,deny
deny from 139.55.
allow from all

I did searchs on the net and not one place I found said any thing about the order of how deny from are placed in the htaccess file. I don't know what else to do.

Apache 1.3.24
php 4.3.3
Mysql 4.0.18
running on windows XP pro

[edited by: jdMorgan at 3:07 am (utc) on April 30, 2004]
[edit reason] Fixed side-scroll due to long line [/edit]

jdMorgan

3:05 am on Apr 30, 2004 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

James46,

The placement doesn't matter. In effect, each Apache module parses your .htaccess file, and takes the directives it can handle. The order of module processing is set by the server configuration, and not by the order of .htaccess directives.

I seem to recall someone having a problem because of multiple Order statements in .htaccess -- It's possible .htaccess can have only one Order directive. Try this and see if it works better:


Order allow,deny
<Files *>
Allow from all
Deny from 139.55.
</Files>
<Files .htaccess>
Deny from all
</Files>

I should also point out that this will not stop requests from that IP address; They will still appear in your combined log files. But your server should respond to the requests with a 403-Forbidden response.

Jim

James46

4:40 pm on Apr 30, 2004 (gmt 0)

10+ Year Member

Thank you Jim
I place that in to the htaccess file, I don't know if it'll work or not. Is there any way to test it to see if the Deny From works. The reason I'm asking is I place my ip in there and tryed it and when I click to load the website, it loaded right up, didn't give no 403 forbidden error, the site just loaded right up.
I have 3 systems here networked and number 3 is the server, I would though that any ip number placed in the "Deny from" would get the 403 forbidden error.
That's what is so confuseing about it.

jdMorgan

6:00 pm on Apr 30, 2004 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Make sure you've flushed ALL caches between you and the server... Browser cache, proxy cache, etc.
You need to do this whenever you test mod_rewrite changes.

Jim

ctwebguy00001

11:40 pm on May 3, 2004 (gmt 0)

I've tried this in .htaccess, thinking that it would limit "SEARCH" requests.

Didn't work.
The "SEARCH" request still got through,

<LimitExcept POST OPTIONS HEAD>
Order deny,allow
Deny from xx.xx.xx.****
</LimitExcept>

If anyone has had success blocking the "SEARCH" request please post.
Thank you.

jdMorgan

12:12 am on May 4, 2004 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

<LimitExcept> is defined as the opposite of <Limit>. <Limit> does not restrict SEARCH, because SEARCH is not an HTTP/1.0 method. Therefore, <LimitExcept> will not affect SEARCH either.

This mod_rewrite code works on several dozen sites:


RewriteCond %{REQUEST_METHOD} !^(GET¦HEAD¦OPTIONS¦POST¦PROPFIND¦TRACE)$
RewriteRule .* - [F]

You could also use something like this:


SetEnvIf Request_Method "^SEARCH$" getout
Deny from env=getout

Jim