Greetings -

I'm running apache 2.0.49 with mod_ssl/2.0.49, PHP/4.3.7 and OpenSSL/0.9.7d,
under RH GNU/Linux. Recently, I've been getting 100's of hits from a a machi
ne
in the CompSci department at an large not-to-be-named university on the West
Coast. While I'm not entirely sure what its up to (experiemental search bot?
), I
decided to try to deny them access until I can figure out the details.

So, simple enough - or so I thought. I simply hack my httpd.conf file, using
 a
'deny from' directive.

Lets pretend the name of the offedning machine is annoying.box.edu

Near the top of my httpd.conf file I have

<Directory "/home/www/htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
# prevent accesses from abusive location
deny from annoy.box.edu
</Directory>


I restart apache, and assume connections to port 80 from annoying.box.edu wi
ll
be denied.

Alas - no such luck. When I look at the serve status, or read the logs, I se
e
said machine is still happily connecting away.

Weird - I know 'deny from' usually* works - if I put 'deny from' my desktop
machine, my web server does just as expected - it denies access to port 80 f
rom
my desktop machine.

So, how can a machine that I explicitly 'deny from' in my httpd.conf file st
ill
be able to access my web server? Any ideas welcomed.

Thanks in advance...

[ Post a follow-up to this message ]