.htaccess limits


#1

Hello all,
Is there a limit to how many IPs can be denied with .htaccess? Or perhaps a file size limit?

TIA,
Hope


#2

Not that I know of, why? How many IP addresses are you trying to block, and how big is your htaccess file?

-Scott


#3

If there’s no limit then the IP is somehow spoofed.

An IP I’ve denied in my .htaccess file was able to access the site. How could that happen?


#4

If it was spoofed, then it should be a different IP.

If the IP is in your file, but isn’t blocked, then it could be an error in your code.

You’ll probably get better help if you post what’s in your .htaccess file that’s letting people get through.




#5

I’ve been working on websites for years now and while I’m not an expert, I’m familiar with denying IPs via .htaccess.

I won’t post my .htaccess file but I’d happily send you a PM of the IP I’m trying to deny and the IP block that’s denying access. Would that work?

Thanks,
Hope


#6

The IP wouldn’t really matter - it’s just hard to say what the problem is without more info.

You could try adding your IP to the list as a test and see if you can get through.

If so, then it would seem to be an error in how it’s being done.

If not, then maybe check to make sure there’s not a typo in the IP that is getting through.




#7

Actually, that was the second thing I did. I removed some IPs that were old in case there was a limit. Then I added my IP and was denied access so it is working fine.

It is possible to spoof an IP, yes? If so, is there any way to tell other than finding out that the block isn’t working?


#8

How are you determining that the person is getting past?

Is it because they are doing something that gives it away as being them (forum trolling, comment spamming, etc…)?

Or is it because you are seeing an IP accessing your site that shouldn’t be?

When you said:

I took it to mean that someone was still accessing it from the IP… not that the same person gained access, but from a different IP.

Sure, you can get around IP blocks by using proxies, but that’s just because you’re accessing it from a different IP… so the IP you’re blocking wouldn’t show up anywhere.

That’s the downside of just blocking IPs, especially considering the endless list of proxy sites.

If you’re just dealing with one troll, you could be adding single IPs until he gets bored and gives up.

You might look at other ways to block, if it’s a problem with the content that’s being posted. Depending on what the site’s running, and what the person is doing, maybe blocking certain content could help?

I’ve never looked into it, but you could probably find a list of known proxy IP ranges and just block them. There’s always a way around, but someone might get bored sooner if the common proxies he’s trying are already blocked.

Another option if it’s just a forum, blog comments, etc… would be to manually approve new registrations for a while until he goes away.




#9

Thanks for your reply. I know the “visitor” is accessing the site because I see the same IP in my access log that I denied yesterday. Except, I didn’t deny his IP, I denied the entire IP block as well as his country code. He still got by.

We’ve had a rash of malicious visitors on the site and he’s one of them. We don’t use a forum nor do we offer an area for comments. I understand getting in through a proxy but getting in through an IP block that’s denied, that I don’t get. The only difference with this range of numbers is that this IP has only 3 sets of numbers rather than 4. For example: xxx.xx.xx/19

I’ve double checked the route/inetnum range and it checks out elsewhere so I don’t understand it. I’ve blocked the single IP today just in case.


#10

Whether or not “he got by” is determined by the status code. You haven’t mentioned if the status code in the logs is 403 (“Forbidden”) or not.

… for those reading the thread that don’t know this, the .htaccess file is not a firewall; Apache will still register a hit in the server logs. You can’t stop somebody from sending a request this way - only what your web site sends in response.



#11

Which would be normal, even if he’s still there being disruptive… as it would just mean that he switched to yet another IP.

If there’s not a blog, forum, or any other way for users to contribute content… then I must be missing how he’s being a nuisance.

If he’s just sending annoying messages through a contact form, maybe try some sort of content filtering.

Or maybe add some sort of temporary spam protection, like using a script that doesn’t send the message until the sender verifies that their email address is valid by clicking a link sent to them. He might get bored sooner if he has to keep creating email accounts as they’re blocked.




#12

[quote]Whether or not “he got by” is determined by the status code. You haven’t mentioned if the status code in the logs is 403 (“Forbidden”) or not.
[/quote]
I checked the error log before I posted and the IP was not listed. I also understand that the .htaccess file is not a firewall.

Snipped log entry: “GET / HTTP/1.1” 200

Did I conclude incorrectly that this was a successful visit?
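The status-code check raised in post #10, applied to access-log lines like the one quoted in post #12, as an added example that is not part of the original thread: it lists every request from a denied network and splits them by whether Apache answered 403. The deny list, the log lines and the names `DENIED`, `SAMPLE_LOG` and `audit` are constructed for illustration, using documentation address ranges.

```python
import ipaddress
import re

# Constructed deny list standing in for the networks denied in .htaccess.
DENIED = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/27")]

# Constructed access-log lines in Apache combined log format.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Oct/2012:13:55:36 -0700] "GET / HTTP/1.1" 403 202 "-" "Mozilla/5.0"
203.0.113.20 - - [10/Oct/2012:13:56:01 -0700] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.77 - - [10/Oct/2012:13:57:12 -0700] "GET /about HTTP/1.1" 200 1843 "-" "Mozilla/5.0"
192.0.2.15 - - [10/Oct/2012:13:58:40 -0700] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
not a log line
"""

# client address, two ignored fields, [timestamp], "request line", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) ')


def audit(log_text, denied=DENIED):
    """Return (blocked, allowed): hits from denied networks, split by status."""
    blocked, allowed = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not access-log entries
        host, _when, request, status = m.groups()
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # a hostname was logged instead of an address
        net = next((n for n in denied if addr in n), None)
        if net is None:
            continue  # address is outside every denied range
        entry = (host, str(net), request, int(status))
        # 403 means the deny rule answered; anything else was not refused.
        (blocked if status == "403" else allowed).append(entry)
    return blocked, allowed


if __name__ == "__main__":
    blocked, allowed = audit(SAMPLE_LOG)
    for host, net, request, status in allowed:
        print(f"NOT REFUSED {host} (in {net}) {request!r} -> {status}")
    print(f"{len(blocked)} request(s) from denied ranges answered with 403")
```

In the sample, 203.0.113.77 is not reported at all because it falls outside the /27, which is the case to rule out first when an address believed to be covered by a range shows up with a 200.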