How to block IP addresses to the whole server?

     By going down all those conf files and reading fro=
m the web, I
understand that I could write

deny from a.b.c.d

inside every section I could find in order to block
access to IP address a.b.c.d

      However, there are quite a lot of ...> sections in
several conf files.  Is there a way to block them all in *one single
place/line*, ie to the whole server but not to every individual
directory?

      TIA

PS: I'm using Ubuntu 4 in which Apache 2.2 is (seemingly) configured
quite differently from standard one, but I don't think this makes much
difference.

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: How to block IP addresses to the whole server?

Hi,

Yeah, I want o blacklist some IP addresses. I don't have
iptables installed, and I don't want to have it. Is it possible to
use Apache to block?

BTW, I've tried the old way of creating a hosts.allow file to
deny, but that didn't work. No idea why.

Thanks

On Thu, Mar 11, 2010 at 16:22, j0rn wrote:
> Hi / Salut
>
> Seems you just want to defintely blacklist a specific IP address
> So, just remember you also have a firewall :
>
> iptables -A INPUT -s -j DROP
>
> cheers
>
>
> On 11/03/2010 15:42, Je suis la poubelle wrote:
>>
>>      By going down all those conf files and reading from =
the web, I
>> understand that I could write
>>
>> deny from a.b.c.d
>>
>> inside every  section I could find in order to block
>> access to IP address a.b.c.d
>>
>>       However, there are quite a lot of =
 sections in
>> several conf files.  Is there a way to block them all in *one singl=
e
>> place/line*, ie to the whole server but not to every individual
>> directory?
>>
>>       TIA
>>
>> PS: I'm using Ubuntu 4 in which Apache 2.2 is (seemingly) configured
>> quite differently from standard one, but I don't think this makes much
>> difference.
>>
>> ------------------------------------------------------------ ---------
>> The official User-To-User support forum of the Apache HTTP Server Projec=
t.
>> See  for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>    "   from the digest: users-digest-unsubscribe@httpd.ap=
ache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
>
> --
> j0rn
> http://nibbles.tuxfamily.org/
>
> ***********************************
>
> Ce  message  et toutes  les  pieces  jointes (ci=
-apres  le  "message")
> sont  confidentiels   et  etablis  a  l'intentio=
n   exclusive  de  ses
> destinataires. Toute  utilisation  ou  diffusion  non=
  autorisee  est
> interdite. Tout message  electronique  est  susceptible =
 d'alteration.
> L'expediteur  decline toute  responsabilite  au  titr=
e de  ce  message
> s'il  a  ete  altere,  deforme  ou  falsifi=
e. Si  vous  n'etes  pas le
> destinataire  de ce  message, merci  de le  detruire =
immediatement  et
> d'avertir l'expediteur.
>
> ***********************************
>
>
>

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: How to block IP addresses to the whole server?

On 11 March 2010 14:42, Je suis la poubelle wrote:
>      By going down all those conf files and reading from the web,=
I
> understand that I could write
>
> deny from a.b.c.d
>
> inside every section I could find in order to block
> access to IP address a.b.c.d
>
>     =A0 However, there are quite a lot of section=
s in
> several conf files.=A0 Is there a way to block them all in *one single
> place/line*, ie to the whole server but not to every individual
> directory?

Directives enclosed inside a block apply to that directory
and subdirectories too, so you don't need to change every single
section. See:-

http://httpd.apache.org/docs/2.2/mod/core.html#directory

Try it out and you have problems, clearly describe what you're trying
to do, what's not working, what your logs say and what configuration
you currently have.

-- Phil

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: How to block IP addresses to the whole server?

From: Je suis la poubelle
> Yeah, I want o blacklist some IP addresses. I don't have
> iptables installed, and I don't want to have it. Is it possible to
> use Apache to block?
> BTW, I've tried the old way of creating a hosts.allow file to
> deny, but that didn't work. No idea why.


Try this:
http://www.mkhelif.fr/2008/06/23/apache2-systeme-de-blacklis t.html

JD




------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: How to block IP addresses to the whole server?

--001485e3dee641e90e04818d1a1d
Content-Type: text/plain; charset=ISO-8859-1

You need to put the ip in the hosts.deny file

On Mar 12, 2010 3:11 AM, "John Doe" wrote:

From: Je suis la poubelle

> Yeah, I want o blacklist some IP addresses. I don't have > iptables
installed, and I don't w...
Try this:
http://www.mkhelif.fr/2008/06/23/apache2-systeme-de-blacklis t.html

JD

------------------------------------------------------------ --------- The
official User-To...

--001485e3dee641e90e04818d1a1d
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

You need to put the ip in the hosts.deny file

On Mar 12, 2010 3:11 AM, "John Doe" =
<> wrote:
r>From: Je suis la poubelle <lapsap=
7@gmail.com>

> Yeah, I want o blacklist some IP addre=
sses. I don't have
> iptables installed, and I don't w...

Try this:

=A0 t.html" target=3D"_blank">http://www.mkhelif.fr/2008/06/23/apache2-s ysteme-=
de-blacklist.html



JD

=20

------------------------------------------------------------ ---------
The official User-To...

Re: How to block IP addresses to the whole server?

On 11-Mar-10 11:11, John Doe wrote:
> From: Je suis la poubelle
>> Yeah, I want o blacklist some IP addresses. I don't have
>> iptables installed, and I don't want to have it. Is it possible to
>> use Apache to block?
>> BTW, I've tried the old way of creating a hosts.allow file to
>> deny, but that didn't work. No idea why.
>
>
> Try this:
> http://www.mkhelif.fr/2008/06/23/apache2-systeme-de-blacklis t.html

Or better, this:

http://www.clockwatchers.com/htaccess_block.html

Reese


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: How to block IP addresses to the whole server?

--------------------------------------------------
From: "Je suis la poubelle"
Sent: 11 March, 2010 14:42
To:
Subject: [users@httpd] How to block IP addresses to the whole server?

> By going down all those conf files and reading from the web, I
> understand that I could write
>
> deny from a.b.c.d
>
> inside every section I could find in order to block
> access to IP address a.b.c.d
>
> However, there are quite a lot of sections in
> several conf files. Is there a way to block them all in *one single
> place/line*, ie to the whole server but not to every individual
> directory?
>
> TIA
>
> PS: I'm using Ubuntu 4 in which Apache 2.2 is (seemingly) configured
> quite differently from standard one, but I don't think this makes much
> difference.
>
> ------------------------------------------------------------ ---------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>

Lapsap7,

Here is a great site:

http://www.blockacountry.com/

It automatically generates a .htaccess file that you can use to block entire
nations.

I use it, and it works great.

Thanks,
Daniel


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: How to block IP addresses to the whole server?

On Thu, Mar 11, 2010 at 17:07, Philip Wigg wrote:
> On 11 March 2010 14:42, Je suis la poubelle wrote:
>>      By going down all those conf files and reading =
from the web, I
>> understand that I could write
>>
>> deny from a.b.c.d
>>
>> inside every section I could find in order to block
>> access to IP address a.b.c.d
>>
>>       However, there are quite a lot of ory ...> sections in
>> several conf files.  Is there a way to block them all in *one singl=
e
>> place/line*, ie to the whole server but not to every individual
>> directory?
>
> Directives enclosed inside a block apply to that directory
> and subdirectories too, so you don't need to change every single
> section. See:-
>
> http://httpd.apache.org/docs/2.2/mod/core.html#directory

That's the problem because I have virtual directories (aliases),
and the "directory" it's talking about is, if I understand it
correctly, directory in the disk, not directory in the URL. Am I
correct?

> Try it out and you have problems, clearly describe what you're trying
> to do, what's not working, what your logs say and what configuration
> you currently have.

I have added an IP address (my home IP address and I'm testing at
work) but it's not blocked. I've rebooted the whole computer but
still not blocked. Really strange.

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: How to block IP addresses to the whole server?

Yes, I had created hosts.deny as well (but I forgot to mention
it) but it had no effect.

On Thu, Mar 11, 2010 at 22:28, Igor Cicimov wrote:
> You need to put the ip in the hosts.deny file
>
> On Mar 12, 2010 3:11 AM, "John Doe" wrote:
>
> From: Je suis la poubelle
>
>> Yeah, I want o blacklist some IP addresses. I don't have > iptables
>> installed, and I don't w...
>
> Try this:
>  http://www.mkhelif.fr/2008/06/23/apache2-systeme-de-bl acklist.html
>
> JD
>
> ------------------------------------------------------------ --------- The
> official User-To...

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: How to block IP addresses to the whole server?

> =A0 =A0 That's the problem because I have virtual directories (aliases),
> and the "directory" it's talking about is, if I understand it
> correctly, directory in the disk, not directory in the URL. =A0Am I
> correct?

You can use which is merged in afterwards as well.

--=20
Eric Covener
covener@gmail.com

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: How to block IP addresses to the whole server?

--------------------------------------------------
From: "Je suis la poubelle"
Sent: 12 March, 2010 13:27
To:
Subject: Re: [users@httpd] How to block IP addresses to the whole server?

> Yes, I had created hosts.deny as well (but I forgot to mention
> it) but it had no effect.
>
> On Thu, Mar 11, 2010 at 22:28, Igor Cicimov wrote:
>> You need to put the ip in the hosts.deny file
>>
>> On Mar 12, 2010 3:11 AM, "John Doe" wrote:
>>
>> From: Je suis la poubelle
>>
>>> Yeah, I want o blacklist some IP addresses. I don't have > iptables
>>> installed, and I don't w...
>>
>> Try this:
>> http://www.mkhelif.fr/2008/06/23/apache2-systeme-de-blacklis t.html
>>
>> JD
>>
>> ------------------------------------------------------------ --------- The
>> official User-To...
>
> ------------------------------------------------------------ ---------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>

Lapsap7,

What you want is a .htaccess file that blocks the IP addresses from browsing
your site. Please follow the below link. You will then want to upload the
generated .htaccess to your DocumentRoot to block the IP addresses.

Here is a great site:

http://www.blockacountry.com/

It automatically generates a .htaccess file that you can use to block entire
nations.

I use it, and it works great.

Thanks,
Daniel


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: How to block IP addresses to the whole server?

Thanks to all for your replies. For the record, is
the best option for me. This is the solution I use:

edit /etc/apache2/httpd.conf to add the following section:

Order Allow,Deny
Deny from xx.xx.xx.xx
Deny from xx.xx.xx.xx
Allow from all


There is nevertheless one thing I would like to do, but I'm
afraid I'm too demanding :p

Reply to forbidden IP addresses is a page full of informations:
Linux distro and version, Apache version, PHP version and all the
module versions. Possible to prevent them from being shown?

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: How to block IP addresses to the whole server?

On 16 March 2010 15:31, Je suis la poubelle wrote:
> =A0 =A0 Thanks to all for your replies. =A0For the record, is
> the best option for me. =A0This is the solution I use:
>
> edit /etc/apache2/httpd.conf to add the following section:
>
> =A0Order Allow,Deny
> =A0Deny from xx.xx.xx.xx
> =A0Deny from xx.xx.xx.xx
> =A0Allow from all
>
>
> =A0 =A0 There is nevertheless one thing I would like to do, but I'm
> afraid I'm too demanding :p
>
> =A0 =A0 Reply to forbidden IP addresses is a page full of informations:
> Linux distro and version, Apache version, PHP version and all the
> module versions. =A0Possible to prevent them from being shown?

http://httpd.apache.org/docs/2.2/mod/core.html#servertokens

-- Phil

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: How to block IP addresses to the whole server?

--------------------------------------------------
From: "Reese"
Sent: 16 March, 2010 16:48
To:
Subject: Re: [users@httpd] How to block IP addresses to the whole server?

> On 16-Mar-10 10:31, Je suis la poubelle wrote:
>> Thanks to all for your replies. For the record, is
>> the best option for me. This is the solution I use:
>>
>> edit /etc/apache2/httpd.conf to add the following section:
>>
>> Order Allow,Deny
>> Deny from xx.xx.xx.xx
>> Deny from xx.xx.xx.xx
>> Allow from all
>>
>
> That works, but if you add only the necessary parts of that to your
> .htaccess file, it is more dynamic. That is, you don't have to restart
> your HTTP server after each change.
> ex. add:
>
> Order Allow,Deny
> Deny from xx.xx.xx.xx
> Deny from xxx.xx.xxx.xx
> Deny from xx.xxx.
> Allow from all
>
> to the .htaccess file in the root of your publicly-accessible pages
> and the changes go into effect on save, not when you restart Apache.
>
> Note that you can also block whole subnets, not just individual
> IP addresses.
>
> Reese
>
>> There is nevertheless one thing I would like to do, but I'm
>> afraid I'm too demanding :p
>>
>> Reply to forbidden IP addresses is a page full of informations:
>> Linux distro and version, Apache version, PHP version and all the
>> module versions. Possible to prevent them from being shown?
>
>
>
> ------------------------------------------------------------ ---------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>

Reese,

I have already suggested this numerous times, yet they fail to respond back with
a no thank you that isn't what I want to do, or any other questions. I have
ignored trying to help this individual.




------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: How to block IP addresses to the whole server?

On 16-Mar-10 10:31, Je suis la poubelle wrote:
> Thanks to all for your replies. For the record, is
> the best option for me. This is the solution I use:
>
> edit /etc/apache2/httpd.conf to add the following section:
>
> Order Allow,Deny
> Deny from xx.xx.xx.xx
> Deny from xx.xx.xx.xx
> Allow from all
>

That works, but if you add only the necessary parts of that to your
..htaccess file, it is more dynamic. That is, you don't have to restart
your HTTP server after each change.
ex. add:

Order Allow,Deny
Deny from xx.xx.xx.xx
Deny from xxx.xx.xxx.xx
Deny from xx.xxx.
Allow from all

to the .htaccess file in the root of your publicly-accessible pages
and the changes go into effect on save, not when you restart Apache.

Note that you can also block whole subnets, not just individual
IP addresses.

Reese

> There is nevertheless one thing I would like to do, but I'm
> afraid I'm too demanding :p
>
> Reply to forbidden IP addresses is a page full of informations:
> Linux distro and version, Apache version, PHP version and all the
> module versions. Possible to prevent them from being shown?



------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org