Page 1 of 1

Composr: apache access DENY vs REQUIRE NOT IP

Posted: Tue May 21, 2019 3:46 pm
by Stevyn
Hello,

right now the composr system works with the apache2 webserver but if you upgrade to apache2.4+ you will need to also use the "access_compat" module as some of apache language has changed.

I am using the "apache ultimate bad bot blocker"
https://github.com/mitchellkrogza/apach ... ot-blocker

I am using the new version of the bad bot blocker which uses the new apache language, and "access_compat" module is not used…. so to fix…

copy /sources/failure.php to /sources_custom/failure.php

edit /sources_custom/failure.php

find the function add_ip_ban around line 754 or so.
replace the 'deny ' with 'Require not ip ' in 4 locations.

find the function remove_ip_ban
replace the 'deny ' with 'Require not ip ' in 2 locations.

edit your /.htaccess
towards the very bottom change so it looks something like this:

Code: Select all

<RequireAll>
Require all granted
# IP bans go here (leave this comment here! If this file is writeable, Composr will write in IP bans below, in sync with its own DB-based banning - this makes DOS/hack attack prevention stronger)
# Require not ip xxx.xx.x.x (leave this comment here!)
Require not ip 212.7.220.20

</RequireAll>
reload your website to make sure the .htaccess is OK
I have not tested the failure.php but assume that bit will work.

NOTE: check other .htaccess files in other directories and update if needed

https://compo.sr/forum/topicview/browse ... eny-vs.htm