Hi all,
I realize that this has nothing to do with open sense, but since there must be knowledgeable network pros here, and I know of no other network-related resource, I hope I may ask.
In my infrastructure, there is a web site on Apache, and it has a contact form with captcha. Some spammers employ human data entry staff, and they get through. Others employ AI bots that also get through. My predecessor set up an .htaccess file with a 'Require not ip' element, to which we keep adding networks owned by the hosting companies from which attacks originate. This helps cut down on spam, but when I started here I began to notice odd behavior:
- if I add my LAN IP to the 'Require not ip' line, then Apache won't let me access the site while I can still access it from other LAN IPs, which is expected and good
but
- every once in a while I resolve the spammer's IP and want to add the subnet that it belongs to, but it is already in the .htaccess file, so it should not have been able to access the contact form
So far, I have had 2 such incidents out of a few dozen added subnets, so the failure rate of this design seems to be quite low but still above zero.
I am so confused because Apache documentation plainly states that 'Require not ip' blocks access, period.
Do I misunderstand anything about it? Maybe it is the format that I use, for example 192.168.0.0/24, but it seems to work for real LAN subnets, so it should work for public addresses as well.
J.
Also, inexplicably, the line continuation described at https://httpd.apache.org/docs/2.4/configuring.html#page-header does not seem to work for the 'Require not ip' element that keeps growing. It only seems to work when all of the subnets are on one line, but when I terminate it at, let's say, the 256th column with a backslash, the site does not load due to an internal server error. Revert to the single line, and all is nice and dandy again.
So, either I misunderstand everything that I read in the Apache docs, or Apache does not work the documented way. This really feels so weird.
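As an added example, not part of J.'s post: a small Python check that reads the `Require not ip` entries out of an .htaccess file the way Apache's config reader does (joining lines only where the backslash is the very last character on the line) and reports whether a given client IP actually falls inside any listed network. The .htaccess text is constructed for this example and uses the documented `<RequireAll>` wrapper; the address tokens follow Apache's `Require ip` forms (full address, CIDR or netmask, or a partial dotted IPv4 prefix).

```python
import ipaddress
import re

# Constructed sample, not a real block list.
SAMPLE_HTACCESS = """\
<RequireAll>
    Require all granted
    Require not ip 192.168.0.0/24 203.0.113.0/24 \\
        198.51.100.64/26 10.1
</RequireAll>
"""


def parse_require_not_ip(htaccess_text):
    """Return every address token listed after a 'Require not ip' directive.
    Backslash-continued lines are joined first. As in Apache, only a backslash
    that is the last character on the line continues it; a backslash followed by
    trailing whitespace is not a continuation."""
    joined = re.sub(r"\\\n", " ", htaccess_text)
    tokens = []
    for line in joined.splitlines():
        m = re.match(r"(?i)^Require\s+not\s+ip\s+(.*)$", line.strip())
        if m:
            tokens.extend(m.group(1).split())
    return tokens


def token_to_network(token):
    """Convert one Require-ip token to an ip_network: full IPv4/IPv6 address,
    CIDR or netmask form, or a partial dotted IPv4 prefix such as '10.1'."""
    if "/" in token:
        return ipaddress.ip_network(token, strict=False)
    try:
        return ipaddress.ip_network(token)  # full single address
    except ValueError:
        parts = token.split(".")
        if not (1 <= len(parts) <= 3 and all(p.isdigit() for p in parts)):
            raise
        padded = ".".join(parts + ["0"] * (4 - len(parts)))
        return ipaddress.ip_network(f"{padded}/{8 * len(parts)}", strict=False)


def is_blocked(client_ip, htaccess_text=SAMPLE_HTACCESS):
    """True if client_ip lies inside any network named by 'Require not ip'.
    An IPv6 client is never matched by an IPv4-only list, and vice versa."""
    addr = ipaddress.ip_address(client_ip)
    for token in parse_require_not_ip(htaccess_text):
        net = token_to_network(token)
        if addr.version == net.version and addr in net:
            return True
    return False
```

Run `is_blocked()` against the address Apache actually logged for the request (the `%a` field), not an address resolved from a hostname later; if a reverse proxy sits in front of Apache, the logged address may be the proxy's rather than the client's.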