htaccess file blocking wrong ip addresses troubleshoot log

[smower Profile]

Hello,

I have been using the ISAPI_Rewrite in our .htaccess file to block several hundred non US addresses from viewing our site. For example:

RewriteCond %{REMOTE_ADDR} 210\.203\..*\..*
RewriteRule (.*) $1 [F]

RewriteCond %{REMOTE_ADDR} 210\.212\..*\..*
RewriteRule (.*) $1 [F]

Unfortunately, we are having US users who are getting blocked and when they tell us their ip address, it can't be found in our htaccess file. Are there any trouble shooting tips on how to resolve this? If I delete all the data from the .htaccess files, these ip addresses can enter. Our host is AppliedI an iis provider.

Is there a way to log which lines or rules on the .htaccess file are kicking in and blocking access or rewriting urls?

Thank you in advance,
Shawn

[HeliconAndrew]

Hello,

We would suggest enabling the logging (see FAQ) and make a customized request from an IP that's being blocked. Provide us with the rewrite.log for the testing request. It's hard to tell without an IP and without the logs.

Regards
Andrew

[smower Profile]

Thank you. I asked our host Applied I about enabling logging in the httpd.conf and they said that is an Apache file but they are using IIS. They told me to add the following line to my .htaccess file:

RewriteLog D:\Domains\competitiveedgeproducts.com\wwwroot\rewrite.log

I did that, but the log file never gets created. I also tried:

RewriteLog "D:\Domains\competitiveedgeproducts.com\wwwroot\rewrite.log"

and it still does not get created. When I asked them why it wasn't getting created, they said maybe I had too many rules, but this rule is on line 5 and rules after it are working. They then said to contact you guys for assistance.

Please let me know what else to try to get logging to work.

Thanks!
Shawn

[HeliconAndrew]

Hi,

You may need to show them our FAQ, where it states:

you need to enable logging be putting the following lines into httpd.conf file (which resides in ISAPI_Rewrite installation folder)

Although the log could be a little too big as it is a shared server and log catches all server requests, not particular site's.

Regards,
Andrew

[smower Profile]

Thank you. So are you saying the httpd.conf file is not just an Apache file but it is a Windows file?

[HeliconAndrew]

Hello,

I'm saying that your provider probably referred to .htaccess file as Apache in the terms of syntax, which is almost true.

Regards
Andrew

[smower Profile]

Ok, so I emailed my provider and they can't leave logging on since it is a shared server so I need another way to test. What happens is that people with wireless provider sprint often can not access our website and get the forbidden error. I know the following two ip addresses were getting blocked by our website:
184.229.161.20
184.229.227.165

I tested a sprint card and every once in a while it would give those two ip addresses but now I can not get it to attach to either of those ip addresses so it is making testing really hard. Is there some other way that we can test those ip numbers against the .htaccess file?

[HeliconAndrew]

isn't it easier to adjust this rule for an IP from your friend's laptop? So that you'd test it on smth else, not SPRINT.

Regards
Andrew

[smower Profile]

I think I might have figured out why they were blocked. I have a rule that said

RewriteCond %{REMOTE_ADDR} 84\..*\..*\..*
RewriteRule (.*) $1 [F]

I think that is blocking it since it finds a partial match in these strings:
184.229.161.20
184.229.227.165

I assume I need to change it to:
RewriteCond %{REMOTE_ADDR} ^84\..*\..*\..*
RewriteRule (.*) $1 [F]

and that should fix the problem?

Also in terms of writing my htaccess code more efficiently, I have a lot of blocking ip ranges of rules like this:

RewriteCond %{REMOTE_ADDR} 83\.169\..*\..*
RewriteRule (.*) $1 [F]

RewriteCond %{REMOTE_ADDR} 83\.206\..*\..*
RewriteRule (.*) $1 [F]

RewriteCond %{REMOTE_ADDR} 83\.211\..*\..*
RewriteRule (.*) $1 [F]

RewriteCond %{REMOTE_ADDR} 83\.233\..*\..*
RewriteRule (.*) $1 [F]

RewriteCond %{REMOTE_ADDR} 84\..*\..*\..*
RewriteRule (.*) $1 [F]

RewriteCond %{REMOTE_ADDR} 85\.12\.25\..*
RewriteRule (.*) $1 [F]


So basically RewriteRule (.*) $1 [F] is repeated multiple times. Would the following syntax accomplish the same purpose?

RewriteCond %{REMOTE_ADDR} 83\.169\..*\..*
RewriteCond %{REMOTE_ADDR} 83\.206\..*\..*
RewriteCond %{REMOTE_ADDR} 83\.211\..*\..*
RewriteCond %{REMOTE_ADDR} 83\.233\..*\..*
RewriteCond %{REMOTE_ADDR} 84\..*\..*\..*
RewriteCond %{REMOTE_ADDR} 85\.12\.25\..*
RewriteRule (.*) $1 [F]

Thanks!
Shawn

[HeliconAndrew]

Hello,

your fix with '^' is 100%correct, but I'd adjust IP condition to be as following:

Code: Select all

RewriteCond %{REMOTE_ADDR} ^(?:84\..*\..*\..*|83\.211\..*\..*|85\.12\.25\..*|83\.233\..*\..*)
RewriteRule (.*) $1 [F]


Regards
Andrew

[smower Profile]

Thank you! So how long can one line be? If I have 300-400 ip address ranges can they all be done on 1 line or do I need to break them out into multiple lines?

Thanks,
Shawn

[HeliconAndrew]

Sure, if .htaccess is used only to block IP addresses and there're no other rule, shouldn't be a problem.

Regards
Andrew

[smower Profile]

Thank you! You have been very helpful.

Shawn