apache-ultimate-bad-bot-blocker icon indicating copy to clipboard operation
apache-ultimate-bad-bot-blocker copied to clipboard

Published 20 hours ago verified publisher icon mitchellkrogza

Access control before and after bot blocker

Open hybiepoo opened this issue 6 years ago • 8 comments

I'm trying to get this working on an apache 2.4 system, but it seems to be all or nothing. If I don't include a Require all granted, I get 403 from everywhere. However if I add the Require all granted, the tests fail.

I'm using the following at the bottom of httpd.conf, which is AFTER the virtualhosts are included. <Location "/"> # AND-combine with preceding configuration sections AuthMerging And # include black list Include custom.d/globalblacklist.conf </Location>

Does globalblacklist replace all other permissions, or do I still need to have a Require all granted line somewhere? I have tried so many combinations, but nothing seems to work.

hybiepoo avatar Jan 12 '19 07:01 hybiepoo

+1

StefanS-O avatar Jan 21 '19 15:01 StefanS-O

Hi @hypieboo and @StefanS-O apologies for the delayed response. It took some time to get the current version working on 2.4 and passing the tests thrown at it inside the TravisCI build environment. It's not been tested in cases where any other permissions have been added into the config. My best suggestion is to strip it down to the way my templates and configs are setup for the Travis tests try get that working and then one by one start introducing any additional configs to see which breaks the permission chain. Personally I can't say I'm a fan of the new 2.4 structure of permissions it seems rather easy to mess up. The 2.2 version of the blocker can work on 2.4 using the mod_access_compat module. Let me know if you have any success.

mitchellkrogza avatar Jan 30 '19 06:01 mitchellkrogza

Hi @mitchellkrogza ,

thanks for your reply! I will try to use the 2.2 Version with mod_access_compat and see if it fixes the issue. I hope to report back till Friday.

StefanS-O avatar Jan 30 '19 08:01 StefanS-O

Hi @mitchellkrogza

i tried it using 2.2 with mod_access_compat and that seems to work correctly. I used it without automerging.

StefanS-O avatar Feb 04 '19 09:02 StefanS-O

Thanks for reporting back @StefanS-O

Anyone with time to really iron out the permissions blocks for 2.4 please go ahead.

mitchellkrogza avatar Feb 04 '19 10:02 mitchellkrogza

Seems to be related to #113

uleodolter avatar Feb 19 '19 20:02 uleodolter

Thanks for referencing this issue @uleodolter your discovery and help to isolate the bug should address a number of issues where 2.4 has not been playing along as it should.

mitchellkrogza avatar Feb 20 '19 05:02 mitchellkrogza

@hypieboo @StefanS-O please pull latest update including latest blacklist-ips.conf include as a critical flaw in logic has been addressed thanks to the help of @uleodolter

mitchellkrogza avatar Feb 20 '19 06:02 mitchellkrogza