0

I'm trying to use mod_evasive and mod_rewrite to accomplish this. With the configurations below apache just blocks all access to those URI's regardless of how many times a visitor accesses them within a given time frame.

So far i have create a map.db file like so:

touch /var/lock/apache2/map.db
chown www-data:www-data /var/lock/apache2/map.db
chmod 644 /var/lock/apache2/map.db

My apache2.conf contains this:

<Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

And my .htaccess file looks like this:

Options -Indexes
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
RewriteCond %{REQUEST_URI} ^/newthread.php$(\?.*)? [OR]
RewriteCond %{REQUEST_URI} ^/newreply.php(\?.*)?$
RewriteCond %{TIME_SEC},%{REMOTE_ADDR}:%{TIME_SEC}/180 ^(.*)\.(.*)$
RewriteMap dbm /var/lock/apache2/map.db
RewriteCond ${dbm:$2|$0} >1
RewriteRule .* /limit.html [L,R=302]
RewriteRule .* - [E=dbm:$2:$0]

<IfModule mod_expires.c>  
    # Turn on the module.
    ExpiresActive on
    # Set the default expiry times.
    ExpiresDefault "access plus 2 days"
    ExpiresByType image/jpg "access plus 1 day"
    ExpiresByType image/svg+xml "access 1 day"
    ExpiresByType image/gif "access plus 1 day"
    ExpiresByType image/jpeg "access plus 1 day"
    ExpiresByType image/png "access plus 1 day"
    ExpiresByType text/css "access plus 1 day"
    ExpiresByType text/javascript "access plus 1 day"
    ExpiresByType application/javascript "access plus 1 day"
    ExpiresByType application/x-shockwave-flash "access plus 1 day"
    ExpiresByType image/ico "access plus 1 day"
    ExpiresByType image/x-icon "access plus 1 day"
</IfModule>
Skilo83
  • 1
  • The config you've posted would result in a 500 Internal Server Error since the `RewriteMap` directive is not permitted in `.htaccess`. Please confirm. However, the mod_rewrite directives that follow `RewriteMap` don't make sense (there is no `$2` backreference in the rules you've posted). But the preceding _conditions_ don't make much sense either? Please describe in natural language what it is you are trying to do (and how). What does map.db contain, how is this maintained/populated (by mod_evasive)? How are you overriding mod_evasive's (default?) behaviour to block the request? – MrWhite Mar 05 '23 at 19:00

0 Answers0