Jump to content
GwilliamP

Htaccess not blocking private IP addresses?

Recommended Posts

Yes it is an old site (osCommerce Online Merchant v2.2 RC2a).

I am trying to block 10.x.x.x addresses. This is a hosted site so maybe from internal addresses on the hosting system?

In the domain root is the htaccess file, with permissions set to 755, which contains the following;

<snip>
order allow,deny
deny from 4.79.204.36
deny from 5.9.54.16
deny from 5.39.85.81
deny from 10.179.0.0/30
deny from 37.187.56.47
<snip>
allow from all
<snip>
 

But I am still seeing 10.x.x.x entries.

who.thumb.jpg.ef807067885c8bd36943e4a92318a8be.jpg

I have tried quite a few variants of the "deny from 10.179.0.0/30" line from a simple "10" to what is there now.

Am I missing something simple or just being dumb?

Share this post


Link to post
Share on other sites
deny from 10.0.0.0/8

would match all 10. addresses and not match anything that does not start with a 10.  The /8 is how many bits from the beginning to mask.  There are eight bits in each group (thirty-two total in the four groups of numbers).  So the /8 says just look at the first number.  10.179.0.0/16 would have at least worked against addresses that started with 10.179.  But 10.179.0.0/30 would only match 10.179.0.0 through 10.179.0.3. 

Some other things to consider. 

What version of Apache? 

If 2.4 or later, do you have mod_access_compat installed? 

Is AllowOverride and AllowOverrideList set in a way that allows you to use mod_access from a .htaccess file? 

This isn't really an osCommerce question.  You might get better help either from your host or from an Apache forum. 


Always back up before making changes.

Share this post


Link to post
Share on other sites

Thank you.
changed to 10.0.0.0/8 so will monitor for a while to see.

Apache  - no idea or how to find out. Linux 4.9.166kvmcap, PHP Version: 5.3.29.
Unable to match "mod_access_compat" in the server info page.

If your suggestion does not work I will take your advice and look for a more apropriate forum.

Share this post


Link to post
Share on other sites

It should tell you your Apache version on admin > Tools > Server Info page, under HTTP Server. 


Always back up before making changes.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×