htaccess的重定向通过IP地址范围 [英] htaccess redirecting by ip range

问题描述

我想在.htaccess文件中使用以下命令来阻挡IP地址范围。

所以1.2.3.0 - 1.2.3.154需要被阻塞的例子，但它不工作。为什么会出现这种情况？

 ＆LT; IfModule mod_rewrite.c＆GT;
的RewriteCond％{REMOTE_HOST} ^ 1 \ 0.2 \ 0.3 \ .0 / 154
的RewriteCond％{REQUEST_URI}！^ /澳大利亚-IP的限制？
的RewriteCond％{REQUEST_URI}！^ /模板/？
的RewriteCond％{REQUEST_URI}！^ /文件/？
的RewriteCond％{REQUEST_URI} /(.*)$
重写规则/(.*)$ /澳大利亚-IP的限制[R = 301，L]
＆LT; / IfModule＆GT;
 

解决方案

重定向和封锁IP地址与正则表达式是有风险的。您可以意外地阻止或创建一个重定向循环的所有网站的点击量，所以你需要某种到位对策。检查日志文件，以确保你正在寻求实际的工作，并注意假阳性的结果。浏览的网页，以确保它们工作打算。测试;对超出国家的IP访问限制的代理。

有世界里，你可以看一下不同的IP地址各地注册： Ripe.net ，<一个HREF =htt​​p://www.apnic.net/相对=nofollow> APNIC.net ， Arin.net 仅举几例。该IP地址，这些注册商负责是不连续的块。还有，人们曾试图收集在一个地方这些模块可通过国家名单。 Nirsoft 保留一些列表。它们是不完整的，任何方式和IP地址，每天换手。如果IP地址块原上市公司在澳大利亚被拾起像维珍移动或Microsoft的公司，你可能会意外地反弹，在英国或美国的流量。

如果你有机会到核心服务器的configs还是得安装软件包，能够保持下来的流量就可以安装服务器或安装的 iptables的并已IT块反复尝试，你不希望在交通领域。你也可以把它阻止超过速度阈值（'每秒2页）。

任何流量

让我们说你有，你告诉机器人来禁止所有在的robots.txt 列出的隐藏文件夹。如果你看到的流量到该文件夹​​，那么你可以假设它是人谁看着的robots.txt ，然后决定采取偷看。这可以被视为一个蜜罐的。此外，您还可以隐藏code，有您的文件中没有关键字的值，使之不可见于人类。当有人运行此code或跟随在code隐藏链接，您也可以将它们添加到罪犯的名单，如果他们不遵守robots.txt文件。

您可以在MySQL还设置数据库，并使用类似PHP语言为删除连接（或重定向异地）访问一个蜜罐，以及或尝试蛮力攻击登录表单或FTP帐户​​地址。我实现了Web表单上的数据库来跟踪谁已经完成了表格的人。如果有多个垃圾邮件的尝试它们添加到我的黑名单。

这是很容易阻止用户提供了反向查询和搜索他们的顶级域名为他们的国家code或阻止用户的浏览器请求一个网页在一个特定的母语比它要阻止的IP范围地址。

返回到您的例子

在你的code，每个的RewriteCond 行应该，除非你使用[或]是正确的。这里有一个更深入的参考与Apache 访问限制P>

REMOTE_HOST 是域名......所以这行：

 的RewriteCond％{REMOTE_HOST} ^ 1 \ 0.2 \ 0.3 \ .0 / 154
 

应该使用 REMOTE_ADDR 来代替：

 的RewriteCond％{REMOTE_ADDR} ^ 1 \ 0.2 \ 0.3 \（1 [0-4] [0-9] | 15 [0-4] | [0  - 9] [0-9] | [0-9]）$
重写规则^（。*）$澳大利亚-IP-限制[R = 301，L]
 

I'm trying to block off range of ip addresses by using below commands in .htaccess file.

So 1.2.3.0 - 1.2.3.154 needs to be blocked for example but it's not working. Why is this the case?

<IfModule mod_rewrite.c>
RewriteCond %{REMOTE_HOST} ^1\.2\.3\.0/154
RewriteCond %{REQUEST_URI} !^/australia-ip-restriction?
RewriteCond %{REQUEST_URI} !^/templates/?
RewriteCond %{REQUEST_URI} !^/files/?
RewriteCond %{REQUEST_URI} /(.*)$
RewriteRule /(.*)$ /australia-ip-restriction [R=301,L]
</IfModule>

解决方案

Redirecting and Blocking IP addresses with REGEX is risky. You can accidentally block or create a redirect loop for all traffic to your site, so you'll want some sort of countermeasures in place. Check log files to make sure the results you're seeking are actually working and watch for false positives. Visit the pages, make sure they work as intended. Test with a proxy for out-of-country IP access restrictions.

There are registrars around the world where you can look up various IP addresses: Ripe.net, APNIC.net, Arin.net to name a few. The IP addresses these registrars are responsible for are non-sequential in blocks. There are lists available by country where people have tried to collect these blocks in one place. Nirsoft maintains some of these lists. They are not complete by any means and IP addresses change hands on a daily basis. If a block of IPs originally listed to a company in Australia is picked up by a corporation like Virgin Mobile or Microsoft, you may end up accidentally bouncing traffic in the UK or the US.

If you have access to the core server configs or have the ability to install packages, to keep traffic down on the server you can install or setup iptables and have it block repeated attempts to areas you do not want traffic on. Also you can have it block any traffic that exceeds a speed threshold ('2 pages per second').

Let's say you have a hidden folder listed in robots.txt that you're telling bots to disallow all. If you see traffic to that folder then you can assume it's someone who looked in robots.txt and then decided to take a peek. This can be treated as a honeypot. Additionally you can hide code that has no keyword value inside of your documents and make it non-visible to humans. When someone runs this code or follows a hidden link in the code you can also add them to the list of offenders if they're not obeying your robots.txt file.

You can also setup databases in MySQL and use a language like PHP for dropping connections (or redirecting offsite) that access a honeypot as well or addresses that try to brute force attack a login form or an FTP account. I implement databases on web forms to keep track of people who have already completed the form. If there are multiple spam attempts they're added to my blacklist.

It's much easier to block users with a reverse look-up and searching out their TLD for their country code or by blocking users whose browser asks for a page in a specific native language than it is to block ranges of IP addresses.

Back to your example

In your code, each of the RewriteCond lines should be true unless you're using [or]. Here is a more in-depth reference for access restrictions with Apache

REMOTE_HOST is for domain names... so this line:

RewriteCond %{REMOTE_HOST} ^1\.2\.3\.0/154

Should be using REMOTE_ADDR instead:

RewriteCond %{REMOTE_ADDR} ^1\.2\.3\.(1[0-4][0-9]|15[0-4]|[0-9][0-9]|[0-9])$
RewriteRule ^(.*)$ australia-ip-restriction [R=301,L]

这篇关于htaccess的重定向通过IP地址范围的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！