Your rule is missing a required argument.

# Other conditions
RewriteCond %{REMOTE_ADDR} 12\.345\.67\.89 [OR]
RewriteCond %{REMOTE_ADDR} 98\.76\.54\.3 [OR]
RewriteCond %{REMOTE_ADDR} 67\.89\.0\.
RewriteRule !^MESSAGE\.html$ /MESSAGE.html [NC,L]

Jim

Wow! Works a treat, easy when you know how.

Many thanks Jim.

And I thought I was beginning to understand mod_rewrite... *chuckle*

Missed this on the first read...

You need to add anchoring to those IP addresses, otherwise, they are ambiguous. For example, the first one would also ban 112.345.67.89 or 212.345.67.89. Fully-anchor only single IP addresses, and don't end-anchor ranges such as your last one.

# Other conditions
RewriteCond %{REMOTE_ADDR} ^12\.345\.67\.89$ [OR]
RewriteCond %{REMOTE_ADDR} ^98\.76\.54\.3$ [OR]
RewriteCond %{REMOTE_ADDR} ^67\.89\.0\.
RewriteRule!^MESSAGE\.html$ /MESSAGE.html [NC,L]

Jim

Roger!
You're terrific!

Ta!

I can tell it is working because, although there's no trace of the name message.html in the logs, when the target IPs come calling a file.htm, they receive the response 200 664. (664 being the size of my message.html file)

But it leaves this error log message:

mod_rewrite: maximum number of internal redirects reached. Assuming configuration error. Use 'RewriteOptions MaxRedirects' to increase the limit if neccessary.

Is this acceptable, or do I need to modify the mod_rewrite code?

The code is looping.

Be very careful about the syntax of that RewriteRule. It must be exactly as I posted it above in message 2 with a space after RewriteRule. Then "!^" then the MESSAGE\.html filepath with no leading slash, then the "$", then a space, and the the path to MESSAGE\.html again, but with a slash.

The rule is supposed to prevent looping itself; It says, "If the requested URI is NOT exactly MESSAGE.html, then (assuming the above conditions have been met) internally rewrite to /MESSAGE.html and quit processing for this pass."

Therefore, if the paths don't match (with the exception of the leading slash mentioned above and the escaped period in the pattern), the rule will loop, and you'll get the result you're seeing.

Adding to our troubles, the forum deletes spaces preceding "!" unless you type two spaces.

Jim

Mmm.. well knowing how thorough you are Jim, I've double checked everything and it seems to be as you've advised. It works yet still gives the looping error.

I wonder if it something to do with the way I've combined it with the rest of my RewriteCond?
It's all been working solidly for months, I just tagged this onto it.
Here's how I end my block in the www .htaccess.
(I've disguised the IPs before posting here)

Options +FollowSymLinks
RewriteEngine on
Lots of good stuff here...
RewriteCond %{HTTP_REFERER} iaea\.org [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailCollector [OR]
# google prefetch Kill that WebAccellerator, Claus
RewriteCond %{X-moz} ^prefetch
RewriteRule .* - [F]
RewriteCond %{REMOTE_ADDR} ^123\.456\.7\.89$ [OR]
RewriteCond %{REMOTE_ADDR} ^987\.65\.43\. [OR]
RewriteCond %{REMOTE_ADDR} ^321\.123\.45\. [OR]
RewriteCond %{REMOTE_ADDR} ^213\.12\.123\.
RewriteRule !^message\.html$ /message.html [NC,L]

I've had it up for two days now, the recalcitrants have visited and seen the message, so I can change it to a plain 403, now that they've got the message. But I know we'd both like to get this right for future reference.

I wonder... Do you use a custom 403 error page?

Without looking at the access log and error log for the 'loop', I can't really see anything else wrong.

If you use a custom 403 page, you need to exclude its filename from any [F] rules, otherwise the server will generate a 403 because you told it to, and then get another 403 trying to server the custom 403 page. But this is probably not the immediate problem you're seeing. Any logs?

Jim

I don't use a custom 403. (Just a custom 404)
Here are the relevant logs, the first is from my access log, the second is the error log for the same call. Note the 200 664...

664 is the size of the message.htm file. And when I block my own IP I do indeed get served the message.htm file in the browser, so I know it is working, despite the loop.

123.456.7.89 - - [16/Feb/2006:06:50:36 -0500] "GET /example.filename.htm HTTP/1.1" 200 664 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"

[Thu Feb 16 06:50:36 2006] [error] [client 123.456.7.89] mod_rewrite: maximum number of internal redirects reached. Assuming configuration error. Use 'RewriteOptions MaxRedirects' to increase the limit if neccessary.

No clue... unless message.html is not in the root directory or this code is not in the root directory, your code should work fine.

Jim

Maybe that's it, both the .htaccess file with the code and message.html are in the same www public directory, not root.

I have subdomains and putting this .htaccess file in root caused problems of some kind, can't recall what.

I'll try moving just the message.html file to root and see what that does.

Not to worry though, the main objective has been achieved.

Hmmm... Just so I don't get you into more technical trouble...

When I said 'root' I meant the Web-accessible root folder defined as DocumentRoot, the same place where your 'home page' and robots.txt are located.

Jim

Yes, that is what my host calls www, and where I have the .htaccess and message.html.

There's a folder below this one that my host calls 'root' it has the cgi-bin and non public stuff. I put a copy of the message.html file in there too to see if it stops the looping, but the target IP hasn't returned since, so I don't know.

But I'm happy enough, thanks.