.htaccess on server boru

[bdistler]

I have a open ticket to get my log files
but without the log files I can not see what IP
the server thinks I am (my IP here)

on server boru
put .htaccess under /public_html
receive a 403 error
remove .htaccess
I can get in

goto my paid account on server skyy
put .htaccess under /public_html
I can get in

It is the same file
I know .haccess can be a pain in you know what
but I never had this where it works on one server and not the other

Any info ????

Thanks

 

[Anna]

Our free servers have a completely different setup form the paid servers, so the .htaccess may need some altering to work.

For instance, adding RewriteBase / could be needed depending on what you are trying to achieve with .htaccess

 

[bdistler]

Our free servers have a completely different setup form the paid servers, so the .htaccess may need some altering to work.

For instance, adding RewriteBase / could be needed depending on what you are trying to achieve with .htaccess

.htaccess
==>

<Files *>
order deny,allow
deny from all
allow from myIPaddress
</Files>

<==

 

[bdistler]

Where do I locate the "setup" info for .htaccess files on the free servers ????

 

[Anna]

the only thing that might be a problem with your current code, is that we have load balancing in place, which means you might need to use HTTP_REFERER to actually get the end viewers IP and not one of the load balancing servers.

 

[bdistler]

In my current .htaccess file I use my real IP address for "myIPaddress"
which does not work

So how do I within .htaccess use HTTP_REFERER to set the "allow from" IP ????

 

[descalzo]

RewriteCond %{HTTP:X_FORWARDED_FOR}     !^123\.44\.55\.101$ 
RewriteRule ^(.*)$ - [F]

Replacing the IP with yours. Should work.

 

[bdistler]

RewriteCond %{HTTP:X_FORWARDED_FOR}     !^123\.44\.55\.101$
RewriteRule ^(.*)$ - [F]

This code used AS IS will let me in - I assume it will let anyone in

I am trying to block ALL but my IP

 

[Anna]

If you have that applied right now, I can inform you that I do NOT get in, I get a forbidden message.

 

[bdistler]

This is what I have right now

order deny,allow
deny from all
allow from XXX.XXX.XXX.XXX

The thing is it block you AND me

---------- Post added at 04:02 PM ---------- Previous post was at 11:48 AM ----------

If my IP was 123.456.789.012

RewriteEngine On
RewriteCond %{HTTP:X_FORWARDED_FOR} !^123\.456\.789\.012$
RewriteRule ^(.*)$ - [F]

Throws this error
==>
Forbidden
You don't have permission to access /test.php on this server.
Additionally, a 500 Internal Server Error error was encountered...
<==

While

order deny,allow
deny from all
allow from 123.456.789.012

Throws this error
==>
Forbidden
You don't have permission to access /test.php on this server.
Additionally, a 403 Forbidden error was encountered...
<==

One is error-500 the other is error-403
they both keep everyone and me out

What I am trying to do is keep everyone else out and let me in

 

[descalzo]

One is error-500 the other is error-403
they both keep everyone and me out

What I am trying to do is keep everyone else out and let me in

No, they are both 403 errors.
And, yes, we know what you want to do. The question is how to accomplish it.

A better questions would be WHY? Free hosting accounts are for websites. This doesn't sound like a website to me.

 

[bdistler]

AFTER I get it to "keep everyone else out and let me in"

I will go back to:

<Files *>
order deny,allow
deny from (bad guy #1 IP or CIDR)
deny from (bad guy #2 IP or CIDR)
deny from (bad guy #3 IP or CIDR)
.
.
.
</Files>

under "public_html"
however in some dir's under that I will "keep everyone else out and let me in"
or just "keep everyone out"

---------- Post added at 03:03 PM ---------- Previous post was at 12:50 PM ----------

Is 'HTTP_REFERER' a domain or IP ????

 

[Brandon]

HTTP_REFERER would be a URL, so a domain. I don't think what you are trying to do will work due to this setup.

 

[bdistler]

HTTP_REFERER would be a URL, so a domain. I don't think what you are trying to do will work due to this setup.

That is my understanding (now) that it is a URL

So how would this work from "descalzo" (on page #1) ????
it will NOT work for me

RewriteCond %{HTTP:X_FORWARDED_FOR} !^123\.44\.55\.101$
RewriteRule ^(.*)$ - [F]

Replacing the IP with yours. Should work.

Thanks

 

[leafypiggy]

Descalzo's method should theoretically work because of how our load-balancing web servers are set up.

I could go into technical detail, but essentially the server forwards all requests to a cluster of reverse proxy servers. Unfortunately, all headers sent to these servers have the IP of the server you're on (in this case, boru) rather than the actual client's IP.

X_FORWARDED_FOR/REAL returns the client's IP, instead of the server's IP.

I see no reason why you can't use this in your deny block, but I'm not an apache expert.. So I'd consult apache docs (google it), or ask about it in #httpd on freenode's IRC. (though you must have patience to go there.)