Hi syscon edm, So, I guess I am confused, first by mis-associating the CIDR values, and about this statement: "In .htaccess file I have a long list of IP-subnets (over 500-subnets) that I ban (mostly spammers)."
So, I suppose I would need to see all the blocked subnets in your .htaccess to compare them. If you want to post them, I don't mind looking at them a bit later (you can DM me, trod...@apple.com) But, yes, given this snippet: > Require not ip 152.32.186.0/24 > Require not ip 157.230.0.0/16 > Require not ip 157.7.160.0/22 > Require not ip 158.255.128.0/19 and this address: 157.55.39.252 I don't see the address being blocked in the .htaccess set you've shown. If you send your list of blocks, I don't mind coding up an analysis of the addresses, it should only take a few minutes. Regards, Travis On Wed, Feb 10, 2021 at 04:57:47PM -0700, syscon edm wrote: > Thanks for the input Travis. Maybe I wasn't clear. > I was blocking in .htaccess only: > .... > Require not ip 152.32.186.0/24 > Require not ip 157.230.0.0/16 > Require not ip 157.7.160.0/22 > Require not ip 158.255.128.0/19 > .... > > These CIDR: 157.60.0.0/16, 157.54.0.0/15, 157.56.0.0/14 (are not on > my list in .htaccess) > I just pull them up with "whois" to investigate. > > So how does IP apache blocked: "157.55.39.252" matches what I had in > my .htaccess file? > > On Wed, Feb 10, 2021 at 4:25 PM Travis Rodman <trod...@apple.com.invalid> > wrote: > > > > given this... > > --------------------------------------------------------------------- > > apache log: > > 157.55.39.252 - - [09/Feb/2021:17:04:33 -0700] "GET /product_info.php > > HTTP/1.1" 403 199 > > > > The above user is from Microsoft Network > > CIDR: 157.60.0.0/16, 157.54.0.0/15, 157.56.0.0/14 > > that does not appear on my list. > > > > So why my configuration is blocking that user? > > > > The apache .htaccess just blocked IP: 159.14.184.11 > > this is "Organization: The Children's Hospital of philadelphia" > > CIDR: 159.14.0.0/16 > > --------------------------------------------------------------------- > > > > using this to calculate the binary and the masks... > > echo "obase=2;$ip" | bc > > > > this: > > echo "obase=2;157" | bc > > echo "obase=2;54" | bc > > echo "obase=2;56" | bc > > echo "obase=2;60" | bc > > > > converts to this: > > 157 10011101 > > 60 00111100 > > 54 00110110 > > 56 00111000 > > > > 157 | 10011101 > > 55 | 00110111 > > 39 | 00100111 > > 252 | 11111100 > > > > 10011101.00110111.00100111.11111100 > > > > and doing the same with your CIDR masks against the input IP > > 157 60 | 10011101.00111100|.00000000.00000000 > > 10011101.00110111|.00100111.11111100 > > > > 157 54 | 10011101.0011011|0.00000000.00000000 > > 10011101.0011011|1.00100111.11111100 > > > > 157 56 | 10011101.001110|00.00000000.00000000 > > 10011101.001101|11.00100111.11111100 > > > > 157 | 10011101 > > 55 | 00110111 > > 39 | 00100111 > > 252 | 11111100 > > > > 10011101.00110111.00100111.11111100 > > > > shows this is the matching (rejecting) IP and mask > > this is the matching subnet: > > 157 54 | 10011101.0011011|0.00000000.00000000 > > 10011101.0011011|1.00100111.11111100 > > > > so, your 157.54.0.0/15 rule is matching (rejecting) 157.55.39.252 > > > > HTH, > > Travis > > > > On Wed, Feb 10, 2021 at 03:53:35PM -0700, syscon edm wrote: > > > I run apache-2.4.46 on linux > > > > > > In .htaccess file I have a long list of IP-subnets (over 500-subnets) > > > that I ban (mostly spammers). > > > But I've notices that my .htaccess prevent access to customers from IP > > > that are not on the ban list. > > > > > > In the .htaccess the IP's are listed in numerical order, eg.: > > > <Files history.txt> > > > Require all denied > > > </Files> > > > > > > <RequireAll> > > > Require all granted > > > > > > # block spammers: > > > ... > > > Require not ip 152.32.186.0/24 > > > Require not ip 157.230.0.0/16 > > > Require not ip 157.7.160.0/22 > > > Require not ip 158.255.128.0/19 > > > ... > > > </RequireAll> > > > > > > apache log: > > > 157.55.39.252 - - [09/Feb/2021:17:04:33 -0700] "GET /product_info.php > > > HTTP/1.1" 403 199 > > > > > > The above user is from Microsoft Network > > > CIDR: 157.60.0.0/16, 157.54.0.0/15, 157.56.0.0/14 > > > that does not appear on my list. > > > > > > So why my configuration is blocking that user? > > > > > > The apache .htaccess just blocked IP: 159.14.184.11 > > > this is "Organization: The Children's Hospital of philadelphia" > > > CIDR: 159.14.0.0/16 > > > > > > and that CIDR is not on my list, why apache is locking it? > > > Do these IP subnets need to be sorted in order for them to work correctly? > > > > > > I can post them here if somebody wants to test it, if it is OK. They > > > are just subdomains not an individual IP's. > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > > > For additional commands, e-mail: dev-h...@community.apache.org > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > > For additional commands, e-mail: dev-h...@community.apache.org > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > For additional commands, e-mail: dev-h...@community.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
