Securing Apache on F13

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



  I'm running F13 (updated) on x86_64 hardware.

I have a mostly stock install of httpd, plus mod_geoip.

I enabled server-status in conf/httpd.conf, and changed the certificate and key names in conf.d/httpd.conf...

Then I added conf/mod_setenvif.conf:

# LoadModule setenvif_module modules/mod_setenvif.so

BrowserMatch "^ZmEu$" is_a_bogon
BrowserMatch "^Morfeus Fucking Scanner$" is_a_bogon
BrowserMatch "^Toata dragostea mea pentru diavola$" is_a_bogon
BrowserMatch "^Made by ZmEu @ WhiteHat Team - www.whitehat.ro$" is_a_bogon

# work in conjuction with mod_geoip.c
<IfModule mod_geoip.c>
     SetEnvIf GEOIP_COUNTRY_CODE AE is_a_bogon
     SetEnvIf GEOIP_COUNTRY_CODE BG is_a_bogon
     SetEnvIf GEOIP_COUNTRY_CODE CL is_a_bogon
     SetEnvIf GEOIP_COUNTRY_CODE CN is_a_bogon
     SetEnvIf GEOIP_COUNTRY_CODE RO is_a_bogon
     SetEnvIf GEOIP_COUNTRY_CODE RU is_a_bogon
     SetEnvIf GEOIP_COUNTRY_CODE VN is_a_bogon
     # testing...
     SetEnvIf GEOIP_COUNTRY_CODE US is_a_bogon
</IfModule>

LogFormat "is_a_bogon=%{is_a_bogon}e CC=%{GEOIP_COUNTRY_CODE}e" env
CustomLog logs/env_log env env=is_a_bogon

<Directory "/var/www/html">
     Deny from env=is_a_bogon
</Directory>


Problem is that if I run a sample test, then I see:

is_a_bogon=1 CC=US


in the log files but the requested contents still get served, no 403 Forbidden...

What's stopping the last 3 lines from working?

Either (1) I've set /var/www/html as the context incorrectly, or (2) something else is explicitly setting "Allow" as the authorization.

How to go about debugging this?

Thanks,

-Philip

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux