.htaccess - Apache 2.4 how to "Require not ip" per virtualhost?
I know it's not efficient, but I have at the root of htdocs (for "/") a big .htaccess with banned IPs inside, like this:
    <RequireAll>
        Require not ip 1.163.1.5
        Require not ip 1.163.192.83
        Require not ip 1.163.193.136
        ... (4000+ ips)
    </RequireAll>
(It's updated by a script upon analysis of the access log files: scans, 404s, w00tw00t, script kiddie attempts, you see what I mean.) The thought behind the use of .htaccess is that it's dynamically updated, and parsed again when I add new IPs :-)
Like many companies, I have a public virtualhost listening on http:80 with multiple ProxyPass rules, and multiple backend sites listening on localhost (or LAN IPs).
The goal is to configure the security stuff in the reverse proxies, as every company does. Hence, as expected, every request to the backends has 127.0.0.1 (or the local proxy IP) as its source IP.
However, I noticed the configuration is not working as expected: the .htaccess is evaluated by the backend sites only, not by the front-end virtualhosts. Exactly the reverse of what I need to do! :/
How should I do it in order to make it work in the virtualhosts? What is the best method? Should I use RewriteCond instead?
OK, I found that it's impossible, since RequireAll goes inside Directory tags. My solution:
    # banned ips
    <IfModule rewrite_module>
        RewriteEngine On
        # key/value text map: one "ip -" entry per line
        RewriteMap hosts-deny txt:/path/.htaccess.blacklist.ip.hosts.deny
        # deny when the client address or hostname is a key in the map
        RewriteCond ${hosts-deny:%{REMOTE_ADDR}|NOT-FOUND} !=NOT-FOUND [OR]
        RewriteCond ${hosts-deny:%{REMOTE_HOST}|NOT-FOUND} !=NOT-FOUND
        RewriteRule ^ - [F]
    </IfModule>
With .htaccess.blacklist.ip.hosts.deny containing lines like this:
    1.161.58.238 -
    1.163.1.5 -
    1.163.192.83 -
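The post mentions a script that rebuilds the ban list from the access logs but does not show it. The following is an added sketch of such a generator, not code from the original post: it assumes common/combined log format, a hypothetical threshold of five 404s per client, a `never_ban` list holding the proxy's own address, and constructed sample lines using documentation address ranges.

```python
import ipaddress
import os
import re
import tempfile
from collections import Counter

# Common/combined log format: client ident user [time] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([^"]*)" (\d{3}) ')
SCAN_MARKERS = ("w00tw00t",)  # assumed marker list, from the scans named in the post
MAX_404 = 5                   # assumed threshold of 404 responses per client

def offenders(log_lines, max_404=MAX_404):
    """Return client IPs that sent a scan marker or exceeded max_404 404s."""
    not_found, banned = Counter(), set()
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: never guess a client from it
        client, request, status = m.group(1), m.group(2).lower(), m.group(3)
        try:
            ip = str(ipaddress.ip_address(client))  # drops hostnames and junk
        except ValueError:
            continue
        if any(marker in request for marker in SCAN_MARKERS):
            banned.add(ip)
        elif status == "404":
            not_found[ip] += 1
            if not_found[ip] > max_404:
                banned.add(ip)
    return banned

def update_map(path, new_ips, never_ban=("127.0.0.1",)):
    """Merge new_ips into the 'ip -' map file and replace it atomically."""
    current = set()
    if os.path.exists(path):
        with open(path) as fh:
            current = {l.split()[0] for l in fh
                       if l.strip() and not l.lstrip().startswith("#")}
    merged = sorted((current | set(new_ips)) - set(never_ban))
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.writelines(f"{ip} -\n" for ip in merged)
    os.chmod(tmp, 0o644)   # mkstemp creates 0600; httpd must be able to read it
    os.replace(tmp, path)  # readers see the old file or the new one, never half
    return merged

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 226',
    '198.51.100.9 - - [10/Oct/2023:13:55:40 +0000] "GET /index.html HTTP/1.1" 200 512',
]
```

mod_rewrite caches `txt:` map lookups until the map file's modification time changes, so replacing the file this way takes effect without restarting httpd.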
apache .htaccess httpd.conf