Thank you, I sent you the .htaccess file to the email address you provided.
On Wed, Feb 10, 2021 at 5:33 PM Travis Rodman <trod...@apple.com.invalid> wrote: > > Hi syscon edm, > > So, I guess I am confused, first by mis-associating the CIDR values, and > about this statement: > "In .htaccess file I have a long list of IP-subnets (over 500-subnets) that I > ban (mostly spammers)." > > So, I suppose I would need to see all the blocked subnets in your .htaccess > to compare them. > > If you want to post them, I don't mind looking at them a bit later (you can > DM me, trod...@apple.com) > > But, yes, given this snippet: > > Require not ip 152.32.186.0/24 > > Require not ip 157.230.0.0/16 > > Require not ip 157.7.160.0/22 > > Require not ip 158.255.128.0/19 > > and this address: > 157.55.39.252 > > I don't see the address being blocked in the .htaccess set you've shown. > > If you send your list of blocks, I don't mind coding up an analysis of the > addresses, it should only take a few minutes. > > Regards, > Travis > > On Wed, Feb 10, 2021 at 04:57:47PM -0700, syscon edm wrote: > > Thanks for the input Travis. Maybe I wasn't clear. > > I was blocking in .htaccess only: > > .... > > Require not ip 152.32.186.0/24 > > Require not ip 157.230.0.0/16 > > Require not ip 157.7.160.0/22 > > Require not ip 158.255.128.0/19 > > .... > > > > These CIDR: 157.60.0.0/16, 157.54.0.0/15, 157.56.0.0/14 (are not on > > my list in .htaccess) > > I just pull them up with "whois" to investigate. > > > > So how does IP apache blocked: "157.55.39.252" matches what I had in > > my .htaccess file? > > > > On Wed, Feb 10, 2021 at 4:25 PM Travis Rodman <trod...@apple.com.invalid> > > wrote: > > > > > > given this... > > > --------------------------------------------------------------------- > > > apache log: > > > 157.55.39.252 - - [09/Feb/2021:17:04:33 -0700] "GET /product_info.php > > > HTTP/1.1" 403 199 > > > > > > The above user is from Microsoft Network > > > CIDR: 157.60.0.0/16, 157.54.0.0/15, 157.56.0.0/14 > > > that does not appear on my list. > > > > > > So why my configuration is blocking that user? > > > > > > The apache .htaccess just blocked IP: 159.14.184.11 > > > this is "Organization: The Children's Hospital of philadelphia" > > > CIDR: 159.14.0.0/16 > > > --------------------------------------------------------------------- > > > > > > using this to calculate the binary and the masks... > > > echo "obase=2;$ip" | bc > > > > > > this: > > > echo "obase=2;157" | bc > > > echo "obase=2;54" | bc > > > echo "obase=2;56" | bc > > > echo "obase=2;60" | bc > > > > > > converts to this: > > > 157 10011101 > > > 60 00111100 > > > 54 00110110 > > > 56 00111000 > > > > > > 157 | 10011101 > > > 55 | 00110111 > > > 39 | 00100111 > > > 252 | 11111100 > > > > > > 10011101.00110111.00100111.11111100 > > > > > > and doing the same with your CIDR masks against the input IP > > > 157 60 | 10011101.00111100|.00000000.00000000 > > > 10011101.00110111|.00100111.11111100 > > > > > > 157 54 | 10011101.0011011|0.00000000.00000000 > > > 10011101.0011011|1.00100111.11111100 > > > > > > 157 56 | 10011101.001110|00.00000000.00000000 > > > 10011101.001101|11.00100111.11111100 > > > > > > 157 | 10011101 > > > 55 | 00110111 > > > 39 | 00100111 > > > 252 | 11111100 > > > > > > 10011101.00110111.00100111.11111100 > > > > > > shows this is the matching (rejecting) IP and mask > > > this is the matching subnet: > > > 157 54 | 10011101.0011011|0.00000000.00000000 > > > 10011101.0011011|1.00100111.11111100 > > > > > > so, your 157.54.0.0/15 rule is matching (rejecting) 157.55.39.252 > > > > > > HTH, > > > Travis > > > > > > On Wed, Feb 10, 2021 at 03:53:35PM -0700, syscon edm wrote: > > > > I run apache-2.4.46 on linux > > > > > > > > In .htaccess file I have a long list of IP-subnets (over 500-subnets) > > > > that I ban (mostly spammers). > > > > But I've notices that my .htaccess prevent access to customers from IP > > > > that are not on the ban list. > > > > > > > > In the .htaccess the IP's are listed in numerical order, eg.: > > > > <Files history.txt> > > > > Require all denied > > > > </Files> > > > > > > > > <RequireAll> > > > > Require all granted > > > > > > > > # block spammers: > > > > ... > > > > Require not ip 152.32.186.0/24 > > > > Require not ip 157.230.0.0/16 > > > > Require not ip 157.7.160.0/22 > > > > Require not ip 158.255.128.0/19 > > > > ... > > > > </RequireAll> > > > > > > > > apache log: > > > > 157.55.39.252 - - [09/Feb/2021:17:04:33 -0700] "GET /product_info.php > > > > HTTP/1.1" 403 199 > > > > > > > > The above user is from Microsoft Network > > > > CIDR: 157.60.0.0/16, 157.54.0.0/15, 157.56.0.0/14 > > > > that does not appear on my list. > > > > > > > > So why my configuration is blocking that user? > > > > > > > > The apache .htaccess just blocked IP: 159.14.184.11 > > > > this is "Organization: The Children's Hospital of philadelphia" > > > > CIDR: 159.14.0.0/16 > > > > > > > > and that CIDR is not on my list, why apache is locking it? > > > > Do these IP subnets need to be sorted in order for them to work > > > > correctly? > > > > > > > > I can post them here if somebody wants to test it, if it is OK. They > > > > are just subdomains not an individual IP's. > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > > > > For additional commands, e-mail: dev-h...@community.apache.org > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > > > For additional commands, e-mail: dev-h...@community.apache.org > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > > For additional commands, e-mail: dev-h...@community.apache.org > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > For additional commands, e-mail: dev-h...@community.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
