Apache: Deny <ip address> didn't work

+1 vote
373 views

I tried both of the following methods to block an IP address, but neither worked. In .htaccess, I put:

Order Deny,Allow
Deny from 123.123.123.123

and 

RewriteCond %{REMOTE_ADDR} ^123.123.123.123
RewriteRule .* /maintenance.html [R=503,L]

(I do have the mod_rewrite module installed). In both cases, I put the rules at the top of the file so that they would be the first rules executed.

After each one, I did an apachectl stop, then apachectl start. In both cases, when I monitored my site with the server-status module, the IP address was still there, with sometimes more than 30 requests, and all for the same page, which was ..../login.php. And it continued to be there for the next 30 minutes until it just dropped off, but I was doing nothing to stop it at that point.

This method of blocking has worked for me in the past.

Is it possible for someone to bypass my blocking method(s)? Or is there something more I need to do?

posted May 4, 2015 by Tarun Singhal

What version of Apache are you using? Apache 2.4 changed the access control directives unless you specifically enable the old style: http://httpd.apache.org/docs/2.4/upgrading.html#access

Also, make sure you have the correct AllowOverride statements.

Also "allow/deny" (or the 2.4 equiv) directives only control whether the server delivers the content, not whether the client can request an item from the server. I.e., the indication of successful blocking will be the response code changing from 200 to 403, but you'll still likely see hits. If you want to block the client from hitting the server you'd probably need to use firewall settings. With your rewrite attempt, did you include a statement turning the rewrite engine on?
Thanks for your replies.

I'm using Apache version 2.2.15 - so I guess I don't have to worry about the 2.4 changes.

I'll have to research AllowOverride ....

Very interesting - seems obvious now that you say it, but I didn't realize my efforts were just blocking the response, not the request.

I tried an iptables rule and that seems to have worked.

Re the rewrite engine - also interesting ... I do have the RewriteEngine On statement, but it's below the RewriteCond statement. Does that make a difference? I.e., does it process sequentially, and so the RewriteCond statements are just ignored unless they come after RewriteEngine On?
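
The check suggested in the answer above (a working deny shows up as the response code changing from 200 to 403, while the hits themselves keep arriving) can be run against the access log. This is an added example, not part of the original thread; it assumes the combined log format, and the sample lines, timestamps and function names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in Apache combined log format (not from the thread).
SAMPLE_LOG = """\
123.123.123.123 - - [04/May/2015:10:00:01 +0000] "POST /login.php HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
123.123.123.123 - - [04/May/2015:10:00:02 +0000] "POST /login.php HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
198.51.100.7 - - [04/May/2015:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
123.123.123.123 - - [04/May/2015:10:05:10 +0000] "POST /login.php HTTP/1.1" 403 291 "-" "Mozilla/5.0"
123.123.123.123 - - [04/May/2015:10:05:11 +0000] "POST /login.php HTTP/1.1" 403 291 "-" "Mozilla/5.0"
"""

TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"
# client, identd, user, [timestamp], "request line", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')


def statuses_for(log_text, client_ip, since=None):
    """Count response codes sent to client_ip, optionally only from `since`
    (a timestamp string in the log's own format, e.g. the restart time)."""
    cutoff = datetime.strptime(since, TS_FORMAT) if since else None
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(1) != client_ip:
            continue  # other client, or a line this simple pattern cannot parse
        if cutoff and datetime.strptime(m.group(2), TS_FORMAT) < cutoff:
            continue  # logged before the rule was put in place
        counts[int(m.group(3))] += 1
    return counts


def block_verdict(counts, deny_codes=(403,)):
    """'denied' if every response was a deny code, 'served' if any was not.
    Use deny_codes=(503,) when checking the RewriteRule [R=503] variant."""
    if not counts:
        return "no-traffic"
    served = sum(n for code, n in counts.items() if code not in deny_codes)
    return "served" if served else "denied"


if __name__ == "__main__":
    after = statuses_for(SAMPLE_LOG, "123.123.123.123",
                         since="04/May/2015:10:05:00 +0000")
    print(dict(after), block_verdict(after))
```

A "denied" verdict with a non-zero count matches what the answer describes: Apache is refusing the content but the client is still reaching the server, which only a firewall rule prevents.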
