Hi,
I have an apache-2.4.56 install on Fedora 37 and am trying to block some
bots from accessing the site, unless they're trying to access our RSS
feeds. How can I do this?
I'm blocking the bots with SetEnvIf lines in the .htaccess file in the
document root like:
SetEnvIf user-agent "(?i:libwww)" stayout=1
deny from env=stayout
<RequireAll>
Require all granted
Require not env stayout
</RequireAll>
However, creating an entry that explicitly allows access to the XML
files before or after doesn't seem to take effect:
RewriteRule linuxsecurity_features\.xml$ - [L]
It is still blocked by the user-agent setting above. I understood the
file was processed from the top down, and when a match is made, it stops
processing. Is that not the case? Shouldn't the RewriteRule above, if
placed before the env rule, be enough to stop processing the htaccess
file and allow access?
I've also tried adding these RewriteRule entries to the server config
htaccess with an Include, but it appears the .htaccess in the document
root is always processed afterwards, even after finding a match in the
server config htaccess.
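For reference, here is an untested sketch of the kind of exemption I am after. It assumes that mod_setenvif evaluates SetEnvIf lines in the order they appear and that a "!stayout" argument clears a variable set earlier. It also assumes that a RewriteRule with [L] only ends rewriting and has no effect on the authorization checks, which would explain the behaviour above. The old-style "deny from" line is left out, since mixing it with Require is discouraged in 2.4.

```apache
# Flag unwanted bots by User-Agent (same pattern as above).
SetEnvIf User-Agent "(?i:libwww)" stayout=1

# Assumption: a later SetEnvIf can clear the flag for the feed URL,
# so requests for the RSS file are never marked as blocked.
SetEnvIf Request_URI "linuxsecurity_features\.xml$" !stayout

# Allow everyone except requests that still carry the flag.
<RequireAll>
    Require all granted
    Require not env stayout
</RequireAll>
```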
Thanks,
Dave