I am trying to understand what is happening. If I add one IP address to my blacklist using
Require not ip xxx.xxx.xxx.xxx
It just works, Apache 2.4 throws 403. Now I tried to use the whole range, and it still misses the request. I used:
Require not ip xxx.xxx.xxx.1 xxx.xxx.xxx.255
Apache 2.4 returns 200 instead of 403. What am I doing wrong?
thank
Edit : Here is a simple test case from my local network.
Require not ip 192.168.1.180/192.168.1.185
Used the computer on ip 192.168.1.183 and was not blocked at all.
Here my httpd.conf and ips are in a separate blacklist.txt file. It also works with one ip, the problem is only related to the RANGE of IP addresses.
<Directory "f:/root">
Options Indexes FollowSymLinks
AllowOverride All
<LimitExcept GET POST HEAD>
</LimitExcept>
<RequireAll>
Require all granted
Include conf/blacklist.txt
</RequireAll>
</Directory>
Edit2:
, , + GEOIP. xxx.xxx.xxx.0/xxx.xxx.xxx.255, mod_geoip , .
GEOIP:
<IfModule geoip_module>
GeoIPEnable On
GeoIPEnableUTF8 On
GeoIPOutput Env
GeoIPScanProxyHeaders On
GeoIPDBFile bin/GeoIP.dat MemoryCache
SetEnvIf GEOIP_COUNTRY_CODE CN BlockCountry
</IfModule>
BOTH blacklist GEOIP