PDA

View Full Version : blocking IP address from CGI order form

Vaclav
12-22-2006, 07:15 PM
Hello,
Someone from IP address 196.3.63.252 (Nigeria) is placing fake orders on my CGI order form to test up to 100 stolen credit cards per month. Fortunately I have address verification system running but I want to ban this entire IP range 196.3.63.0 - 196.3.63.255 from accessing the order form.

I infer from some with similar problem that placing an .htaccess file in the cgi-bin directory with the following code should ban that IP but how to enter the entire IP range? Is the format below correct. I dare not test this as this is my live order form. Could anyone plese just confirm that this should work?

********************
Order Allow,Deny
Allow from all

Deny from 196.3

*********************

Thank you very much!
Have 2 sites on Futurequest since '98 :)

Vaclav
oneoceankayaks.com
johnfl68
12-22-2006, 07:23 PM
I could be wrong, but I think it would be this:

order allow,deny
deny from 196.3.
allow from all



I'm sure someone will tell me if I'm wrong. :confuz:

John
sheila
12-22-2006, 10:01 PM
don't you mean

196.3.63.

for the IP address?

with 196.3. you will catch much more than simply the range you mentioned of 196.3.63.0-196.3.63.255
Vaclav
12-22-2006, 11:23 PM
I understand. Thank you. It looks like the range is reserved for the following and I am fine with blocking all of these from the order form. I do not want these vandals to find another route and banning the entire network is fine.

196.3.0.0
Record Type: IP Address

African Network Information Center NET196 (NET-196-0-0-0-0)
196.0.0.0 - 196.255.255.255
University of the West Indies NETBLK-UWINET-CBLK (NET-196-3-0-0-1)
196.3.0.0 - 196.3.7.255
University of the West Indies UWINET3 (NET-196-3-0-0-2)
196.3.0.0 - 196.3.0.255


I wanted to know the syntax and format of the string which I gather is:
"deny from xxx.x." or "deny from xxx.x.xx." for less expansive ban.

Thank you
Vaclav
sheila
12-22-2006, 11:31 PM
As indicated in the Apache Documentation at
http://httpd.apache.org/docs/1.3/howto/auth.html#allowdeny

The format/syntax of the string is
deny from 11.22.33.44

I usually test this by temporarily putting my own IP address in the .htaccess file and see if it blocks me. Then I remove it and put the IP address that I really want.
Vaclav
12-23-2006, 02:17 AM
Thank you. I checked the Apache docs and the syntax for the single "xxx.xxx.xxx.xxx" IP address is clear. What I was asking which is not in the docs was the format for the entire range of IP's which had only two numbers "xxx.x." (it is the period or lack of at the end I am concerned about).
Your previous email answered that question. Thank you.

Vaclav
Kevin
12-23-2006, 02:21 AM
I believe you can use that notation however I have always preferred to use the subnet/netmask notation which in this instance would be:
deny from 196.3.0.0/255.255.0.0
Kevin
12-23-2006, 02:29 AM
Also, like Shiela said you can test this on your own IP. You can also test it in a different directory (even one you only created for the test) just to see what it does.