Hi Folks.

I have a goof that keeps passing bogus POST data to a form on one of my web sites about every half hour.

I have the IP address.

I thought all I needed to do was modify httpd.conf and restart.

<Directory "/web">
Options FollowSymLinks Includes
AllOverride None
Order allow,deny
Allow from all
Deny from xxx.xxx.0.0/16
Deny from xx.xx.xxx.xxx
</Directory>

The last "Deny from" is what I added today. I presume that the original xxx.xxx.0.0/16 is working because addresses in that range no longer show up in my log files.

However, the one I added today, xx.xx.xxx.xxx isn't being blocked.

I tried xx.xx.xxx.xxx/32 as well.

I went back through Apache documentation and it looks like what I'm doing is correct.

Am I missing something?

Thanks in advance for any replies, especially in the next 8 minutes before my half-hourly scheduled visit from this person.

G.--

Try this:

<Directory "/web">
Options FollowSymLinks Includes
AllOverride None
Order deny,allow
Deny from xxx.xxx.0.0/16
Deny from xx.xx.xxx.xxx
Allow from all
</Directory>

Hmm. Unfortunately that didn't work (I think "Allow from all" at the end overrides all the "deny" lines, even if the order is deny,allow). Thank you for replying, however.

When I do it the original way I listed it, and use my own IP address, it "works." That is, if I try to request a web page from my server I get the Red Hat Linux Test Apache page and an error gets written to the error-log for the web site.

However, when I replace my address with the one of the goon in Russia that keeps POSTing to one of my pages, the lines still appear in the normal access-log, not the error-log, which is what is confusing me (and obviously I can't see what displays on their browser...).

No matter.

And that takes care of that.

G.--