Knowing when your HTACCESS file isn't working

I have the following entry in my HTACCESS file:

deny from 88.198

It was my understanding that this would block everything from 88.198.* but today, I saw in my IP logs that someone with the IP of 88.198.blah.blah visited my site (I think it was a bot judging from the HTTP Code, Referrer, and Agent). Now granted, they / it received a 404 due to looking for something that wasn’t there, but to me, they should never have even got that far.

Am I misunderstanding something here? In my mind, if an IP is within the DENY IP range, it should receive a FORBIDDEN. Am I wrong?

Here’s what I have…


IndexIgnore *
<Files .htaccess>
order allow,deny
deny from all
</Files>
RewriteEngine On 
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR] 
RewriteCond %{HTTP_USER_AGENT} Bot [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR] 
...
RewriteCond %{HTTP_USER_AGENT} ^Yanga [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Yandex [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Zeus 
RewriteRule ^.* - [F,L]

#permanently redirect specific IP request for single page.
#To declare more than 1 range, IP, etc, just copy last 3 lines.
# For security reasons, Option followsymlinks cannot be overridden.
#Options FollowSymLinks
Options SymLinksIfOwnerMatch
RewriteEngine On
RewriteBase /
RewriteCond %{REMOTE_HOST} 206\.134
RewriteCond %{REQUEST_URI} !^/index2\.html$ [NC]
RewriteRule .* /index2.html [R=301,L]

<Files 403.shtml>
order allow,deny
allow from all
</Files>

# List date 11/10/2009
# Misc. entries...
deny from 216.127.63.132
...
deny from 58
deny from 38.105.83
deny from 38.105.71

# List date 11/16/07
# China IP Address Blocks
deny from 58.14.0.0/15 58.16.0.0/13 58.24.0.0/15 58.30.0.0/15 58.32.0.0/11 58.66.0.0/15 58.68.128.0/17 58.82.0.0/15 58.87.64.0/18 58.99.128.0/17 58.100.0.0/15 58.116.0.0/14 222.176.0.0/12 222.192.0.0/11 222.240.0.0/13 222.248.0.0/16 222.249.0.0/17 222.249.128.0/18 222.249.192.0/19 222.249.224.0/20 222.249.240.0/21 222.249.248.0/23

# Korea IP addresses follow:
deny from 58.72.0.0/13 58.239.0.0/16 58.140.0.0/14 59.0.0.0/11 59.186.0.0/15 61.248.0.0/13 121.128.0.0/10 122.99.128.0/17 124.50.87.161 125.128.0.0/11 125.176.0.0/12 143.248.0.0/16 211.41.224.0/19 211.104.0.0/13 211.112.0.0/13 211.211.36.0/23 218.144.138.0/26 219.240.0.0/15 219.248.0.0/13 221.128.0.0/12 221.144.0.0/12 221.160.0.0/13 221.168.0.0/16 221.163.46.0/24

# Malaysia
deny from 60.48.0.0/13 202.71.102.0/24 203.223.128.0/19

# Thailand
deny from 58.137.13.0/24 203.113.13.0/24 203.144.144.0/24 203.149.0.0/18 203.155.0.0/16

# Vietnam
deny from 58.187.112.0/20 125.234.0.0/15 203.113.128.0/18

# List date 11/14/07
# Nigeria IP Address Blocks
deny from 12.166.96.32/27 41.202.0.0/17 41.202.128.0/19 41.204.0.0/17 41.204.128.0/18 41.204.224.0/19 41.205.160.0/19 41.207.0.0/19 41.207.192.0/19 41.208.128.0/18 41.210.0.0/18 41.211.192.0/18 41.219.192.0/18 41.220.0.0/16 41.222.24.0/21 41.222.40.0/21 41.222.64.0/21 41.223.24.0/22 41.223.248.0/22 41.248.0.0/16 41.250.0.0/16 61.11.230.112/29 62.56.128.0/17 62.56.235.0/24 62.56.236.0/24 
...
217.146.9.0/24 217.146.10.128/25 217.146.11.0/25 217.146.12.0/24 217.146.13.0/24 217.146.14.0/25 217.146.15.0/25 217.146.16.0/27 217.146.16.32/29 217.168.112.0/20 217.194.140.0/22 217.194.144.0/20 217.199.144.0/20 217.212.242.0/23

# List date 11/14/07
# Russia and Ukraine and Bulgaria and Romania and Latvia and Estonia
deny from 77.120.0.0/14
deny from 78.106.0.0/15
deny from 79.120.0.0/17
...
deny from 212.24.32.0/19 212.58.192.0/19 212.158.160.0/20
deny from 213.91.128.0/17 213.140.96.0/19 213.154.192.0/19 213.242.12.0/22 213.248.48.0/20
deny from 217.12.240.0/20 217.16.16.0/20 217.77.208.0/20 217.174.96.0/20

I’m sure there’s at least 1 problem with the above, but I have no clue what it might be. Any ideas?

Note that all Allow and Deny directives are processed, unlike a typical firewall, where only the first match is used. The last match is effective (also unlike a typical firewall). Additionally, the order in which lines appear in the configuration files is not significant – all Allow lines are processed as one group, all Deny lines are considered as another, and the default state is considered by itself.

– from: The Apache manual on mod_access.

This poses the following question: Do you have Order allow,deny -OR- Order deny,allow ?
From what I understand from the quote above, you should have Order allow,deny.
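
The evaluation rules in the manual quote above, sketched as an added Python example (not part of the thread and not Apache's own code). It assumes IPv4 only and handles `all`, full, partial and CIDR arguments; the function names, sample configs and addresses are constructed for illustration.

```python
import ipaddress

def to_network(spec):
    """IPv4 Allow/Deny argument -> network (hostnames and env= are not handled)."""
    if spec.lower() == "all":
        return ipaddress.ip_network("0.0.0.0/0")
    if "/" in spec:
        return ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")
    # A partial address such as 88.198 matches whole octets: 88.198.0.0/16.
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")

def parse(config):
    """Collect Order and every top-level Allow/Deny; line position is ignored."""
    order, rules, depth = "deny,allow", {"allow": [], "deny": []}, 0
    for line in config.splitlines():
        words = line.split("#")[0].split() or [""]
        if words[0].startswith("</"):
            depth -= 1
        elif words[0].startswith("<"):
            depth += 1  # rules inside <Files ...> apply to those files only
        elif depth == 0 and words[0].lower() == "order":
            order = words[1].lower()
        elif depth == 0 and words[0].lower() in rules and len(words) > 2:
            rules[words[0].lower()] += [to_network(w) for w in words[2:]]
    return order, rules

def is_allowed(config, client_ip):
    """Default state first, then both groups in Order; the later group wins."""
    order, rules = parse(config)  # Order mutual-failure is not handled
    ip = ipaddress.ip_address(client_ip)
    first, second = order.split(",")
    allowed = second == "allow"  # deny,allow defaults to allow; allow,deny to deny
    for group in (first, second):
        if any(ip in net for net in rules[group]):
            allowed = group == "allow"
    return allowed
# Constructed sample configs and addresses (not the poster's file).
BLACKLIST = """
<Files 403.shtml>
order allow,deny
allow from all
</Files>
deny from 88.198
deny from 58.14.0.0/15 58.16.0.0/13
"""
EXCEPTION = BLACKLIST + "allow from 88.198.10.5\n"  # default Order deny,allow
ALLOW_DENY = "order allow,deny\nallow from all\n" + EXCEPTION
```

The same `allow from 88.198.10.5` line lets that host through under the default `Order deny,allow` but not under `Order allow,deny`, where the Deny group is applied last. With `Order allow,deny` and no `Allow` line at all, every client is refused because the default state is deny.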