I have the vhost as follows:
    <VirtualHost *:80>
        ServerName somename.com
        <Proxy *>
            order deny,allow
            Deny from 65.74.5.130
            Allow from all
        </Proxy>
        ProxyPreserveHost On
        ProxyPass / http://0.0.0.0:8890/
        ProxyPassReverse / http://0.0.0.0:8082/
    </VirtualHost>
The IPs I put in the Proxy section are not being blocked. Am I not understanding the correct deny/allow order? Or is there some other directive I need to be using?
Best Answer
Your order directive is wrong.

Order indicates how Apache evaluates allow and deny directives. In a deny,allow configuration, you first specify your denied origins, and then the exceptions (allowed origins) to the denied list.

As your banned IP matches both directives, you are introducing it as an exception to the deny rule, allowing it to access freely.
Use order allow,deny with the same deny and allow directives you have to restrict its access:

Note: the last parameter in order sets the default action if no match for either deny or allow is found, so having a xxxx from all is not necessary, but most people like to set it explicitly.

This is equivalent:
65.74.5.130 matches both allow and deny; applying order (1st allow, last deny), it will deny access.
allow, so it will allow access.

to this:

65.74.5.130 matches only deny, so it denies access.
allow or deny, so it will take the default action allow, allowing access.
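
The evaluation rules described in this answer, as an added example that is not part of the original post: a simplified Python model of how order combines allow and deny matches, run against the question's configuration and the corrected one. The function name evaluate and the second client address 203.0.113.7 are constructed for illustration, and only "all", single IPs and CIDR ranges are modeled (no hostnames or partial addresses).

```python
import ipaddress

BANNED = "65.74.5.130"   # address from the question
OTHER = "203.0.113.7"    # constructed sample client (documentation range)


def _matches(client, specs):
    """True if client matches any 'from' value: 'all', a single IP, or a CIDR range."""
    addr = ipaddress.ip_address(client)
    for spec in specs:
        if spec.lower() == "all":
            return True
        if addr in ipaddress.ip_network(spec, strict=False):
            return True
    return False


def evaluate(order, allow, deny, client):
    """Return 'allow' or 'deny' for client under the given order setting.

    order -- 'deny,allow' or 'allow,deny'
    allow -- list of 'Allow from' values
    deny  -- list of 'Deny from' values
    """
    first, last = [word.strip().lower() for word in order.split(",")]
    if {first, last} != {"allow", "deny"}:
        raise ValueError("order must be 'deny,allow' or 'allow,deny'")
    hit = {"allow": _matches(client, allow), "deny": _matches(client, deny)}
    if hit[last]:      # the directive type evaluated last wins when it matches
        return last
    if hit[first]:     # otherwise the first type decides, if it matched
        return first
    return last        # no match at all: default is the last keyword in order


if __name__ == "__main__":
    configs = [
        ("question: deny,allow + Allow from all", "deny,allow", ["all"], [BANNED]),
        ("fix:      allow,deny + Allow from all", "allow,deny", ["all"], [BANNED]),
        ("fix:      deny,allow, Deny only      ", "deny,allow", [], [BANNED]),
    ]
    for label, order, allow, deny in configs:
        for client in (BANNED, OTHER):
            print(f"{label}  {client:<12} -> {evaluate(order, allow, deny, client)}")
```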