Received: (qmail 14459 invoked by uid 2012); 3 Jun 1998 16:13:26 -0000 Message-Id: <19980603161326.14458.qmail@hyperreal.org> Date: 3 Jun 1998 16:13:26 -0000 From: Scott Webster Wood Reply-To: swood@richnet.net To: apbugs@hyperreal.org Subject: can't figure out how to use 'deny' for specific hosts X-Send-Pr-Version: 3.2 >Number: 2345 >Category: mod_access >Synopsis: can't figure out how to use 'deny' for specific hosts >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: closed >Class: support >Submitter-Id: apache >Arrival-Date: Wed Jun 3 09:20:00 PDT 1998 >Last-Modified: Wed Jun 3 09:50:36 PDT 1998 >Originator: swood@richnet.net >Organization: >Release: 1.2.6 >Environment: Linux RedHat v5.0 w/upgrades, kernel 2.0.33, gcc v2.7.2.3 uname -a Linux bigman.richnet.net 2.0.33 #2 Sat Apr 11 06:03:32 EDT 1998 i686 unknown >Description: I am trying to deny 'POST' capability from anonymizer.com - an anonymous web proxy that is open to anyone. I can't seem to figure out the proper combination of mod_access directives to make it work. Here is my current .htaccess file: AuthName BulletinBoardAnonDeny AuthType Basic ErrorDocument 403 http://www.richnet.net/wwwboard/anondeny.html Satisfy all order deny,allow deny from 209.75.196 .infonex.com .infonex.net .anonymizer.com allow from all >How-To-Repeat: try going to www.anonymizer.com - select their 'surf for free' and in the form fill-in field, enter: http://www.richnet.net/wwwboard try posting something (it allows it just fine) >Fix: I have tried changing the order, and various combination on the deny command line. Initially I did not include the Satisfy line either >Audit-Trail: State-Changed-From-To: open-closed State-Changed-By: marc State-Changed-When: Wed Jun 3 09:50:35 PDT 1998 State-Changed-Why: Remove the Auth* directives and the satisfy any. You are telling Apache that _either_ your basic authentication restrictions have to be satisified or the domain based restrictions have to be satisfied by using the "satisfy any" directive. Yet your basic auth restrictions don't restrict it to any user, but allow everyone access so they can be always satisfied. >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ]