Blocking users from certain TLD (Domain)

This is a discussion on Blocking users from certain TLD (Domain) within the Apache Web Server forums, part of the Web Server and Related Forums category; I have been asked by a customer to block users from .in domains (india) accessing their website. I have used ...


Go Back   Usenet Forums > Web Server and Related Forums > Apache Web Server

Reload this Page Blocking users from certain TLD (Domain)

FAQ Members List Calendar Search Today's Posts Mark Forums Read

 

 

LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 06-15-2008
Mike
 
Posts: n/a
Default Blocking users from certain TLD (Domain)
I have been asked by a customer to block users from .in domains
(india) accessing their website.

I have used this in the vitual host config

=======================
<Location>
Deny from .in
Deny from *.in
</Location>
=======================

The above is not working. These 2 isps get to the site:

vsnl.net.in
airtelbroadband.in

Any idea why this deny is not working. Users from these isps should
now receive a forbidden message but theyre not
  #2 (permalink)  
Old 06-16-2008
Werner Flamme
 
Posts: n/a
Default Re: Blocking users from certain TLD (Domain)
Mike [15.06.2008 19:49]:
> I have been asked by a customer to block users from .in domains
> (india) accessing their website.
>
> I have used this in the vitual host config
>
> =======================
> <Location>
> Deny from .in
> Deny from *.in
> </Location>
> =======================
>
> The above is not working. These 2 isps get to the site:
>
> vsnl.net.in
> airtelbroadband.in
>
> Any idea why this deny is not working. Users from these isps should
> now receive a forbidden message but theyre not

Following <http://httpd.apache.org/docs/2.2/howto/access.html#host>,
("And, if you'd like to block access from an entire domain, you can
specify just part of an address or domain name:")

it should read

Deny from in

Looking at
<http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny>, the
Deny directive is allowed in Directory and .htaccess context - but not
in Location.

HTH
Werner

--
Werner Flamme, Abt. WKDV
Helmholtz-Zentrum für Umweltforschung GmbH - UFZ
Permoserstr. 15 - 04318 Leipzig
Tel.: (0341) 235-1921 - Fax (0341) 235-451921
http://www.ufz.de - eMail: werner.flamme@ufz.de
  #3 (permalink)  
Old 06-16-2008
Mike
 
Posts: n/a
Default Re: Blocking users from certain TLD (Domain)
On Mon, 16 Jun 2008 15:51:03 +0200, Werner Flamme
<werner.flamme@ufz.de> wrote:

>Mike [15.06.2008 19:49]:
>> I have been asked by a customer to block users from .in domains
>> (india) accessing their website.
>>
>> I have used this in the vitual host config
>>
>> =======================
>> <Location>
>> Deny from .in
>> Deny from *.in
>> </Location>
>> =======================
>>
>> The above is not working. These 2 isps get to the site:
>>
>> vsnl.net.in
>> airtelbroadband.in
>>
>> Any idea why this deny is not working. Users from these isps should
>> now receive a forbidden message but theyre not
>
>Following <http://httpd.apache.org/docs/2.2/howto/access.html#host>,
>("And, if you'd like to block access from an entire domain, you can
>specify just part of an address or domain name:")
>
>it should read
>
>Deny from in
>
>Looking at
><http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny>, the
>Deny directive is allowed in Directory and .htaccess context - but not
>in Location.
>
>HTH
>Werner


Hi
Thanks werner

Deny inside Location works for me for some reason. I tested it with
my own ip address

IN regard to using 'Deny from in' would this not have an effect on
all domains containing in therefore it would need to be .in to avoid
confusion
  #4 (permalink)  
Old 06-16-2008
HansH
 
Posts: n/a
Default Re: Blocking users from certain TLD (Domain)
"Mike" <me@privacy.net> schreef in bericht
news:thtc54peg1lgd0vfl3ub11k89c6edqnchl@4ax.com...
> On Mon, 16 Jun 2008 15:51:03 +0200, Werner Flamme
>>> <Location>
>>> Deny from .in
>>> Deny from *.in
>>> </Location>

>>> The above is not working. These 2 isps get to the site:
>>> vsnl.net.in
>>> airtelbroadband.in
>>>
>>> Any idea why this deny is not working. Users from these isps should
>>> now receive a forbidden message but theyre not
>>
>>Following <http://httpd.apache.org/docs/2.2/howto/access.html#host>,
>>("And, if you'd like to block access from an entire domain, you can
>>specify just part of an address or domain name:")
>>it should read
>>Deny from in
>>
>>Looking at
>><http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny>, the
>>Deny directive is allowed in Directory and .htaccess context - but not
>>in Location.
Directory *context* includes among others also the 'Location' directive.
http://httpd.apache.org/docs/2.2/sec...html#whatwhere

> IN regard to using 'Deny from in' would this not have an effect on
> all domains containing in therefore it would need to be .in to avoid
> confusion
Examples and text are not conclusive, apperantly the leading dot is
optional -and preferred by me-.

However, according to
http://httpd.apache.org/docs/2.2/mod...ost.html#allow
'only if the forward and reverse DNS are consistent and the hostname matches
will access be allowed [or blocked]'.
Fair chance most of the offending individual IP(s) lack a matching pair of
reverse and ordinary DNS records, leaving you at a mission impossible ...

Best bet will be to run whois on a few offending IPs and block their
subnets by e.g.
Deny From 203.200.0.0/16
Deny From 125.19.17.0/24

HansH
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 10:50 PM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0