
These .htaccess rules work:

<RequireAll>
Require all granted
Require not ip 1.22.333.444
.
.
.
</RequireAll>

These .htaccess rules don't work:

<RequireAll>
Require all granted
.
.
.
Require not host bad_host
</RequireAll>

These .htaccess rules don't work either:

<IfModule mod_rewrite.c>
RewriteCond %{REMOTE_HOST} (163data|amazonaws|colocrossing|poneytel) [NC]
RewriteRule .* - [F,L]
</IfModule>

I wrote into the .htaccess file at the top:

HostnameLookups On

The result was an error message, because this command is not allowed in .htaccess. So I removed this statement.

In Apache, there is a "remote_host" that corresponds to a certain IP. I want to prevent unwanted hosts from visiting my site, such as spammers or those which generate much useless traffic on my site.

What is wrong in the code example above?

MrWhite
josefus
  • Explain what exactly you are trying to prevent. – deceze Dec 27 '20 at 18:50
  • I want to prevent unwanted hosts visiting my website. – josefus Dec 27 '20 at 18:52
  • How do you define a "host" exactly and why are they unwanted? – deceze Dec 27 '20 at 18:52
  • The visitor of my site has an IP, and to the IP corresponds a "REMOTE_HOST" in Apache. The IP / remote_host is unwanted if it is e.g. a spammer or makes useless traffic in my site. – josefus Dec 27 '20 at 19:00
  • Logfile example: Remote Host = aftr-62-216-208-229.dynamic.xxx-online.de IP = 62.216.000.999 – josefus Dec 27 '20 at 19:20
  • @josefus, could you please mention what the logic will be to understand if an IP is spam or not? It's not clear as of now. – RavinderSingh13 Dec 27 '20 at 19:32
  • You need to include the actual directives, IPs and hostnames in order to check your rules. However, `HostnameLookups` is required (in your server config) for `REMOTE_HOST` to be set. But note that this puts more work on your server - which is why this is disabled by default and often disabled (permanently) on shared hosts. – MrWhite Dec 27 '20 at 20:06

1 Answer

HostnameLookups needs to be set in the server config for the REMOTE_HOST server variable to be set. This cannot be set in .htaccess (as you have found). This is Off by default and is often permanently disabled on shared hosts for performance reasons.

However, Require [not] host bad_host is not dependent on HostnameLookups being set, so should still work (providing the host has not disabled this in some way). Note that bad_host allows partial matches, matched from the end, and only complete host segments are matched. E.g. ample.com and foo.bar.example will not match foo.bar.example.com, but example.com and bar.example.com will.

Note that Require [not] host causes Apache to perform a "double reverse DNS lookup". First the hostname is looked up (reverse DNS lookup) from the client IP address and then there is a forward lookup on the hostname to check that the IP address matches. If this does not match then the check fails.

Maybe a forward-dns only check is sufficient (requires Apache 2.4.19)? This only performs the reverse DNS lookup to get the hostname. The hostname is not validated.

For example:

Require not forward-dns example.com
MrWhite
  • Thx for the information about "Requ... not host". "Requ... not forward-d.." does not work, too. I think that this has the same rule as "Requ... not host". As shown in my text above, "RewriteCon. %{REM....." does not work, too. I will try it with the rule "from right". – josefus Dec 28 '20 at 19:02
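
The segment-wise matching and the double reverse DNS lookup described in the answer above, modelled in Python as an added example (not part of the original thread and not Apache's own code). The function names, the lookup tables and the 192.0.2.x addresses are constructed for illustration; the point it shows is that a host rule can only match a name that passes both lookups.

```python
import socket

def host_pattern_matches(pattern, hostname):
    """Case-insensitive match from the end of the name, whole segments only."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if not pattern or not hostname.endswith(pattern):
        return False
    if len(hostname) == len(pattern):
        return True
    # The character before the matched suffix must be a segment boundary.
    return pattern.startswith(".") or hostname[-len(pattern) - 1] == "."

def verified_hostname(ip, reverse_lookup, forward_lookup):
    """Double reverse lookup: IP -> name, then name -> IPs must contain the IP."""
    name = reverse_lookup(ip)
    if not name or ip not in forward_lookup(name):
        return None
    return name

def host_rule_matches(ip, patterns, reverse_lookup, forward_lookup):
    """True only if a verified name exists and matches one of the patterns."""
    name = verified_hostname(ip, reverse_lookup, forward_lookup)
    return name is not None and any(host_pattern_matches(p, name) for p in patterns)

def system_reverse(ip):
    """Reverse lookup through the system resolver (for use on real addresses)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """Forward lookup through the system resolver (IPv4 addresses)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

# Constructed sample DNS data (documentation address range, not real hosts).
SAMPLE_PTR = {"192.0.2.10": "foo.bar.example.com",   # PTR and A records agree
              "192.0.2.20": "foo.bar.example.com"}   # PTR not confirmed by A record
SAMPLE_A = {"foo.bar.example.com": ["192.0.2.10"]}

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip)

def sample_forward(name):
    return SAMPLE_A.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, host_rule_matches(ip, ["example.com"], sample_reverse, sample_forward))
```

Passing `system_reverse` and `system_forward` instead of the sample lookups runs the same check against live DNS for an address taken from the access log.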