Hi, Any reasons as to why not set the directives in the httpd.conf instead of .htaccess ? .htaccess only matters to requests for the directory it is in.
Fred Aaron Brown-5 wrote: > > I've been trying to block the litefinder malicious bot which scours our > site > every day and tries to access pages with the incorrect case, thus causing > crazy amounts of errors to get thrown. > > We have an Apache 2.2.4 front end using mod_jk to load balance against 9 > Tomcat instances on 6 separate machines. > > I have an .htaccess file that blocks based on user agent along with some > known ip addresses for the bot. This works correctly for all static > content. That is, when I change my browser's user agent to "litefinder", > and access the site, I am denied all gif, jpg, css, js, etc files. > However, > all the dynamic content is passed on to Tomcat without honoring the rules > in > .htaccess, thus not solving my problem. > > My question is basically, how do I/can I make Apache enforce my deny rules > even for JkMount'ed data? If you need more info, I'm happy to provide. > > Thanks! > Aaron > > ========================== > > Here is the .htaccess file in my webroot: > > #block litefinder malicious crawler > SetEnvIfNoCase User-Agent LiteFinder stayout=1 > Order Allow,deny > Allow from all > Deny from env=stayout > Deny from 208.101.44.3 > Deny from 209.160.65.42 > Deny from 209.62.109.178 > Deny from 216.40.220.34 > Deny from 216.40.222.50 > Deny from 216.40.222.66 > Deny from 216.40.222.82 > Deny from 216.40.222.98 > Deny from 67.19.114.226 > Deny from 67.19.250.26 > Deny from 70.85.113.242 > Deny from 74.53.243.226 > Deny from 74.53.243.242 > Deny from 74.53.244.18 > Deny from 74.53.249.34 > Deny from 74.86.209.74 > Deny from 74.86.249.98 > Deny from 75.125.18.178 > Deny from 75.125.47.162 > Deny from 75.125.52.146 > Deny from 84.19.176.208 > Deny from 87.118.118.111 > Deny from 87.118.98.57 > Deny from 87.118.98.62 > > Here is the relevant section from my httpd.conf > > <VirtualHost ****:80> > DocumentRoot **** > ServerName ***** > JkMount /jkstatus/* status > JkMount /* v3lb > JkMount /captcha/Captcha.jpg v3lb > JkUnMount /member/bzzmap/*.xml v3lb > JkUnMount /member/bzzmap/*.swf v3lb > JkUnMount /manager/* v3lb > JkUnMount /images/* v3lb > JkUnMount /awstats/* v3lb > JkUnMount /img/* v3lb > JkUnMount /js/* v3lb > JkUnMount /*.gif v3lb > JkUnMount /*.png v3lb > JkUnMount /*.pdf v3lb > JkMount /captcha/* v3lb > JkUnMount /member/campaigns/*.jpg v3lb > JkUnMount /*.css v3lb > JkUnMount /*.html v3lb > JkUnMount /*.mov v3lb > JkUnMount /*.wmv v3lb > JkUnMount /*.rm v3lb > JkUnMount /*.ram v3lb > #JkUnMount /*.swf v3lb > JkUnMount /*.mpeg v3lb > JkUnMount /*.mpg v3lb > JkUnMount /*.mp3 v3lb > JkUnMount /*.xml v3lb > JkMount /dwr v3lb > ErrorLog logs/www.error_log > CustomLog logs/www.access_log combined > </VirtualHost> > > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/Tomcat-and-Apache-Deny-rules-tf4956657.html#a14196976 Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]