apache access DENY vs REQUIRE NOT IP

Post

Posted
Rating:
Item has a rating of 5 (Liked by Chris GrahamLiked by Adam)
#5817 (In Topic #1381)
Avatar
Standard member
ironfeather is in the usergroup ‘Well-settled’

fix & infos

Hello,

right now the composr system works with the apache2 webserver but if you upgrade to apache2.4+ you will need to also use the "access_compat" module as some of apache language has changed.

I am using the "apache ultimate bad bot blocker"
https://github.com/mitchellkrogza/apache-ultimate-bad-bot-blocker

I am using the new version of the bad bot blocker which uses the new apache language, and "access_compat" is not used…. so to fix…

copy /sources/failure.php to /sources_custom/failure.php

edit  /sources_custom/failure.php

find the function add_ip_ban around line 754 or so.
replace the 'deny '  with 'Require not ip '  in 4 locations.

find the  function remove_ip_ban
replace the 'deny '  with 'Require not ip '  in 2 locations.

edit your /.htaccess
towards the very bottom change so it looks something like this:

Code

<RequireAll>
Require all granted
# IP bans go here (leave this comment here! If this file is writeable, Composr will write in IP bans below, in sync with its own DB-based banning - this makes DOS/hack attack prevention stronger)
# Require not ip xxx.xx.x.x (leave this comment here!)
Require not ip 212.7.220.20

</RequireAll>

reload your website to make sure the .htaccess is OK
I have not tested the failure.php but assume that bit will work.

NOTE:  check other .htaccess files in other directories and update if needed

 

———–
Publisher of IronFeather Journal since 1987.  Host of KGNU Colorado Radio for 20 years. 
Currently in Japan & decided to focus on Composr as my number one CMS.
Composr site for community of Hokkaido:  Nandalow
Composr site for my freelance work: "Partners in Progress" - Future Code Japan
My Compsr edits : 
http://ironfeather.com/bbs/viewtopic.php?f=12&amp;t=2862

 
Online now: No Back to the top

Post

Posted
Rating:
#5819
Avatar
Site director
Chris Graham is in the usergroup ‘Administrators’
Thanks, that was a big help. I had no idea that Apache had changed this, I guess having the compat module installed is extremely common. Especially important as Apache 2.2 is no longer maintained.

Fixed in Support for ip bans in Apache 2.4 without compat module · ocproducts/composr@579e45b · GitHub

I don't love the fix I've done (duplicating the IP blocks unless people strip out the compat code from their .htaccess), but I don't think we can drop Apache 2.2 in v10. I'll make an issue for v11.


Become a fan of Composr on Facebook or add me as a friend. Add me on on Twitter. Follow me on Minds (where I am most active). Support me on Patreon

Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about Composr whenever you see the opportunity or support me on Patreon.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying Composr on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Online now: No Back to the top
1 guest and 0 members have just viewed this.

Statistics

Users online:

Vaiva, amit.nigam, Manu, babu, MVLipwig, Salman, Paul D

Forum statistics:
  • 1,062 topics, 5,122 posts, 5,962 members
  • Our newest member is esparkbiz
Birthdays:
Back to Top