  1. #1
    Join Date
    Feb 2007
    Posts
    284
    Plugin Contributions
    0

    Default deny from in .htaccess

    How to deny from in .htaccess


    NetRange: 47.74.0.0 - 47.87.255.255

    CIDR: 47.74.0.0/15, 47.76.0.0/14, 47.80.0.0/13

  2. #2
    Join Date
    Feb 2009
    Location
    UK
    Posts
    1,295
    Plugin Contributions
    1

    Default Re: deny from in .htaccess

    Google knows.
    Simon

  3. #3
    Join Date
    Jan 2004
    Location
    N of San Antonio TX
    Posts
    9,462
    Plugin Contributions
    11

    Default Re: deny from in .htaccess

    With a line entry.

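    # Evaluate Allow first, then Deny, so a matching Deny line wins
    # (the default order, Deny,Allow, would let "Allow from all" override the Deny lines)
    Order Allow,Deny

    # Block all IPs starting with 192.168.1
    Deny from 192.168.1


    # Block another range, 10.0.0.0 - 10.0.0.255
    Deny from 10.0.0


    # Allow access from all other IPs
    Allow from all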


    The large range you mention needs to be broken out.

    # Deny access to the IP range 47.74.0.0 - 47.87.255.255
    Deny from 47.74.0.0/16
    Deny from 47.75.0.0/16
    Deny from 47.76.0.0/16
    Deny from 47.77.0.0/16
    Deny from 47.78.0.0/15
    Deny from 47.80.0.0/13



    Explanation:

    • 47.74.0.0/16 covers 47.74.0.0 - 47.74.255.255
    • 47.75.0.0/16 covers 47.75.0.0 - 47.75.255.255
    • 47.76.0.0/16 covers 47.76.0.0 - 47.76.255.255
    • 47.77.0.0/16 covers 47.77.0.0 - 47.77.255.255
    • 47.78.0.0/15 covers 47.78.0.0 - 47.79.255.255
    • 47.80.0.0/13 covers 47.80.0.0 - 47.87.255.255

  4. #4
    Join Date
    Feb 2007
    Posts
    284
    Plugin Contributions
    0

    Default Re: deny from in .htaccess

    Thanks dbltoe, I appreciate the explanation.

  5. #5
    Join Date
    Jun 2008
    Location
    Japan
    Posts
    201
    Plugin Contributions
    7

    Default Re: deny from in .htaccess

    'deny from' is for the old Apache 2.2 version. Apache 2.4 uses 'Require'.
    The old way still works, but mixing it with actual directives will lead you to trouble.

  6. #6
    Join Date
    Jan 2004
    Location
    N of San Antonio TX
    Posts
    9,462
    Plugin Contributions
    11

    Default Re: deny from in .htaccess

    The good thing is that, although deprecated in Apache 2.4, the deny/allow entries will still work.

    Unless you are confident you are using Apache 2.4, using deny/allow is safe. Using require before 2.4 will fail.

  7. #7
    Join Date
    Jun 2008
    Location
    Japan
    Posts
    201
    Plugin Contributions
    7

    Default Re: deny from in .htaccess

    Quote Originally Posted by dbltoe View Post
    The good thing is that, although deprecated in Apache 2.4, the deny/allow entries will still work.

    Unless you are confident you are using Apache 2.4, using deny/allow is safe. Using require before 2.4 will fail.
    Seriously?!
    Apache 2.4 was released in 2012... 13 years ago!
    It is not that safe, I remember a bug in Image Handler 5 where images could not be written in cache folder because of use of 'deny from'. When used together with 'require' on same site, results are unpredictable.
    For Apache 2.4 access, a quick and easy Google search gives this:
    https://httpd.apache.org/docs/2.4/howto/access.html

    If you want to be compatible with Apache 2.2 (when distributing plugins, for example), you should use a conditional test like this:
    Code:
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>

  8. #8
    Join Date
    Sep 2009
    Location
    Stuart, FL
    Posts
    13,362
    Plugin Contributions
    94

    Default Re: deny from in .htaccess

    Quote Originally Posted by pilou2 View Post
    Seriously?!
    Apache 2.4 was released in 2012... 13 years ago!
    It is not that safe, I remember a bug in Image Handler 5 where images could not be written in cache folder because of use of 'deny from'. When used together with 'require' on same site, results are unpredictable.
    For Apache 2.4 access, a quick and easy Google search gives this:
    https://httpd.apache.org/docs/2.4/howto/access.html

    If you want to be compatible with Apache 2.2 (when distributing plugins, for example), you should use a conditional test like this:
    Code:
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
    I agree that @pilou2's suggestion is the best approach. FWIW, that's how the as-shipped Zen Cart's /includes/.htaccess is coded.

  9. #9
    Join Date
    Jan 2004
    Location
    N of San Antonio TX
    Posts
    9,462
    Plugin Contributions
    11

    Default Re: deny from in .htaccess

    True, it is the better approach, but, not being aware of the OP's settings or hosting, I chose to suggest deny.

    Just like the .htaccess has the fallback to deny, I suggested deny as a safety net.

    Most hosts who are using Apache 2.4.# are also running mod_access_compat to still allow deny to work.

    Thanks for going the extra bit as it will help someone in the future to know all the options.
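
Added example, not part of any post in this thread: a Python check that compares a deny list with the intended range (47.74.0.0 - 47.87.255.255 from post #1), reports gaps and over-blocking, and renders the version-conditional `.htaccess` form from posts #7 and #8. The function names and the sample list are constructed for illustration, and using `RequireAll` with `Require not ip` to block one range while allowing everyone else is this example's choice of Apache 2.4 syntax, not something quoted from the thread.

```python
import ipaddress

def _subtract(nets, remove):
    """Parts of `nets` not covered by `remove` (CIDR blocks nest or are disjoint)."""
    remaining = list(nets)
    for r in remove:
        kept = []
        for n in remaining:
            if n.subnet_of(r):
                continue                           # n is fully covered by r
            if r.subnet_of(n):
                kept.extend(n.address_exclude(r))  # carve r out of n
            else:
                kept.append(n)                     # disjoint, keep as is
        remaining = kept
    return list(ipaddress.collapse_addresses(remaining))

def audit_deny_list(first, last, cidrs):
    """Return (minimal, missing, excess) for a deny list vs. the intended range."""
    minimal = list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))
    listed = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(c) for c in cidrs))
    return minimal, _subtract(minimal, listed), _subtract(listed, minimal)

def render_htaccess(nets):
    """Deny `nets`, allow everyone else, on Apache 2.4 or 2.2 (hypothetical helper)."""
    out = ["<IfModule mod_authz_core.c>", "    <RequireAll>",
           "        Require all granted"]
    out += [f"        Require not ip {n}" for n in nets]
    out += ["    </RequireAll>", "</IfModule>", "<IfModule !mod_authz_core.c>",
            "    Order Allow,Deny", "    Allow from all"]
    out += [f"    Deny from {n}" for n in nets]
    out.append("</IfModule>")
    return "\n".join(out)

# Constructed sample: a /16-based breakdown of the range plus one block past its end.
SAMPLE = ["47.74.0.0/16", "47.75.0.0/16", "47.76.0.0/16", "47.77.0.0/16",
          "47.78.0.0/15", "47.80.0.0/13", "47.88.0.0/13"]

if __name__ == "__main__":
    minimal, missing, excess = audit_deny_list("47.74.0.0", "47.87.255.255", SAMPLE)
    print("not blocked but should be:", [str(n) for n in missing])
    print("blocked but outside range:", [str(n) for n in excess])
    print(render_htaccess(minimal))
```

The minimal list it computes for this range is the three CIDR blocks given in post #1, so those can be used directly without breaking them into /16s.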
