Securing Apache on F13
Philip Prindeville
philipp_subx at redfish-solutions.com
Wed Oct 13 05:44:38 UTC 2010
I'm running F13 (updated) on x86_64 hardware.
I have a mostly stock install of httpd, plus mod_geoip.
I enabled server-status in conf/httpd.conf, and changed the certificate and key names in conf.d/httpd.conf...
Then I added conf/mod_setenvif.conf:
# LoadModule setenvif_module modules/mod_setenvif.so
BrowserMatch "^ZmEu$" is_a_bogon
BrowserMatch "^Morfeus Fucking Scanner$" is_a_bogon
BrowserMatch "^Toata dragostea mea pentru diavola$" is_a_bogon
BrowserMatch "^Made by ZmEu @ WhiteHat Team - www.whitehat.ro$" is_a_bogon
# work in conjunction with mod_geoip.c
<IfModule mod_geoip.c>
SetEnvIf GEOIP_COUNTRY_CODE AE is_a_bogon
SetEnvIf GEOIP_COUNTRY_CODE BG is_a_bogon
SetEnvIf GEOIP_COUNTRY_CODE CL is_a_bogon
SetEnvIf GEOIP_COUNTRY_CODE CN is_a_bogon
SetEnvIf GEOIP_COUNTRY_CODE RO is_a_bogon
SetEnvIf GEOIP_COUNTRY_CODE RU is_a_bogon
SetEnvIf GEOIP_COUNTRY_CODE VN is_a_bogon
# testing...
SetEnvIf GEOIP_COUNTRY_CODE US is_a_bogon
</IfModule>
LogFormat "is_a_bogon=%{is_a_bogon}e CC=%{GEOIP_COUNTRY_CODE}e" env
CustomLog logs/env_log env env=is_a_bogon
<Directory "/var/www/html">
Deny from env=is_a_bogon
</Directory>
Problem is that if I run a sample test, then I see:
is_a_bogon=1 CC=US
in the log files but the requested contents still get served, no 403 Forbidden...
What's stopping the last 3 lines from working?
Either (1) I've set /var/www/html as the context incorrectly, or (2) something else is explicitly setting "Allow" as the authorization.
How to go about debugging this?
Thanks,
-Philip
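
Hypothesis (2) in the message above, as an added example that is not part of the original post: a small Python model of how Apache 2.2's mod_authz_host combines Order, Allow and Deny, run against a constructed request environment. The function names are hypothetical, only the "all" and "env=NAME" rule forms are modelled, and the rule sets in CASES are constructed, not taken from the poster's server.

```python
# Added illustration, not code from the original post. Models the decision
# mod_authz_host (Apache 2.2) makes from Order / Allow from / Deny from.
OK, FORBIDDEN = 200, 403


def rule_matches(rule, env):
    """True if one 'Allow from' / 'Deny from' argument matches the request."""
    if rule == "all":
        return True
    if rule.startswith("env="):
        # Matches when the variable is set at all, whatever its value.
        return rule[len("env="):] in env
    raise ValueError("rule form not modelled: %r" % rule)


def check_access(order, allows, denies, env):
    """Return 200 or 403 for the given Order and rule lists."""
    allowed = any(rule_matches(r, env) for r in allows)
    denied = any(rule_matches(r, env) for r in denies)
    order = order.lower().replace(" ", "")
    if order == "deny,allow":
        # Deny is evaluated first, Allow second: a matching Allow overrides
        # a matching Deny, and a request matching neither is allowed.
        return FORBIDDEN if denied and not allowed else OK
    if order in ("allow,deny", "mutual-failure"):
        # Allow first, Deny second: Deny wins, and a request matching
        # neither is refused.
        return OK if allowed and not denied else FORBIDDEN
    raise ValueError("unknown Order: %r" % order)


# Constructed environment matching the logged line "is_a_bogon=1 CC=US".
FLAGGED = {"is_a_bogon": "1", "GEOIP_COUNTRY_CODE": "US"}
DENY = ["env=is_a_bogon"]

# (description, Order, Allow from, Deny from) - constructed rule sets.
CASES = [
    ("Deny only, default Order deny,allow", "deny,allow", [], DENY),
    ("Order deny,allow plus Allow from all", "deny,allow", ["all"], DENY),
    ("Order allow,deny plus Allow from all", "allow,deny", ["all"], DENY),
]

if __name__ == "__main__":
    for desc, order, allows, denies in CASES:
        print("%-40s -> %d" % (desc, check_access(order, allows, denies, FLAGGED)))
```

Only the second case serves the flagged request: under Order deny,allow an "Allow from all" in the effective configuration overrides the env-based Deny.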