[Case 48372] IP Deny Manager Question

Discussion in 'General Discussion' started by RedactUK, Mar 27, 2011.

  1. RedactUK

    RedactUK Member

    Joined:
    Apr 22, 2004
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    I usually maintain any IP address denies in my .htaccess manually; however, I've just moved an account over to a new VPS, and while doing some admin in cPanel I looked at the IP Manager, and apart from the list of IPs I know about from the .htaccess file, the FIRST entry is Server=all Beginning IP=all Ending IP=all. Where is that coming from? I tried to remove it and it ignored my attempt.

    Thanks
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,468
    Likes Received:
    196
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Not sure what that is. You can't edit the htaccess manually and remove it?
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Was this account on hostgator previously by chance?
     
  4. RedactUK

    RedactUK Member

    All I have in this .htaccess to test this is:

    Code:
    ## protect .htaccess
    <Files .htaccess>
    order allow,deny
    deny from all
    </Files> 
    
    ## ban IP addresses
    deny from 67.228.217.155
    deny from 75.126.156.15
    
    * It is a much longer list of denies, but removed for readability
     
  5. RedactUK

    RedactUK Member

    no it wasn't
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    I asked because this was the only mention I could find of this:
    support.hostgator.com/articles/cpanel/how-do-i-deny-ip-address-access

    A screenshot of this area on one of my servers below, can you share yours please? (I'm curious about what you're seeing.)
     

  7. JawadArshad

    JawadArshad Well-Known Member
    PartnerNOC

    Joined:
    Apr 8, 2008
    Messages:
    447
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    PK
    cPanel Access Level:
    DataCenter Provider
    Can you comment out these lines for a few moments and see if the =all is still visible in IP Deny Manager?

    Code:
    <Files .htaccess>
    order allow,deny
    deny from all
    </Files>
    
    I believe for every "all" entry in .htaccess, cPanel IP deny manager will add such a line in "IP Deny Manager".

     
    #7 JawadArshad, Mar 27, 2011
    Last edited: Mar 27, 2011
  8. RedactUK

    RedactUK Member

    OK, that removed the lines. I thought that was just applicable to .htaccess?! Additionally, I have that same entry on other accounts on other servers, and in not one single case does it cause these 'all' entries in IP Deny Manager. So I'm guessing that maybe for some reason the <Files> section is not being parsed correctly and instead just the 'deny all' is being picked up?

    Note: I'm running suPHP on this server. Does that interfere with the <Files .htaccess> section?
     
    #8 RedactUK, Mar 27, 2011
    Last edited: Mar 27, 2011
  9. JawadArshad

    JawadArshad Well-Known Member
    PartnerNOC

    It is not about SuPHP. If you comment only the line that contains "all", you should not get this entry in IP Deny Manager unless I am taking it wrong.

     
  10. RedactUK

    RedactUK Member

    The point is WHY is IP Deny Manager picking up the "deny all" I've quoted when that entry is specifically for .htaccess?! Either this is a bug with IP Deny Manager OR the <Files .htaccess> .... </Files> is not being parsed correctly.
     
  11. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    What I don't understand is why you'd have the following:

    Code:
    ## protect .htaccess
    <Files .htaccess>
    order allow,deny
    deny from all
    </Files> 
    
    ## ban IP addresses
    deny from 67.228.217.155
    deny from 75.126.156.15

    When you have "deny from all" in your .htaccess in this way, then all IPs are denied and you can then only allow select IPs using "allow from IP#" rather than ban select IPs at that point. As such, first off, what is the purpose of having the initial "deny from all" entry then additional denied IPs? You are basically denying all IPs at the onset anyway. Once I understand the purpose, I could see why the IP deny manager is functioning the way it is, but right now, the configuration doesn't make sense to me. It would make sense if you wanted to deny all the IPs, then allow select IPs, but not to deny all IPs, then to deny more IPs afterward.

    Edit: All right, I should have woken up more first before replying above. I get what the issue happens to be. The denial is for the .htaccess file itself rather than the entire site configuration. Let me test this on a cPanel machine on the latest EDGE to see if it shows the same issue. If it does, then it is misreading the configuration by not properly parsing the fact it is stating only the .htaccess is denied not the entire site.
     
  12. RedactUK

    RedactUK Member

    Tristan, I use the <Files .htaccess> section on all my accounts on my other server, and IP Deny Manager never shows a "deny all". This has only happened on this new VPS. Only reason I mention suPHP is that that is one of the differences between the setups, but maybe I've missed some WHM service/component that is affecting how the .htaccess file is being parsed.
     
    #12 RedactUK, Mar 28, 2011
    Last edited: Mar 28, 2011
  13. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    I have been able to reproduce this issue per my testing on 11.28.86-EDGE_51183 and opened internal case #48372 about it. I've flagged this forum thread to that case number now. Thank you for bringing this to our attention.
     
  14. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    I tested it on DSO, CGI, suPHP and FCGI for the PHP handlers. It shows the all entries for every single PHP handler selected, so it isn't the handler impacting the setting. I've attached an example screen print of what is showing:

    Screen shot 2011-03-28 at 12.12.06 PM.png
     
  15. RedactUK

    RedactUK Member

    Thank you for testing this, and I'll leave it with you guys for a future fix.

    It should be noted that it seems IP Deny Manager is just picking this up incorrectly for display and isn't actually denying all IPs (thankfully!)
     
  16. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    You are right on that, RedactUK. IP Deny Manager itself isn't editing the .htaccess to change the entry from a <Files .htaccess></Files> one for denying. Because it isn't able to edit it, it isn't making it one that denies all IPs for the entire site.

    My case actually mentions the possibility for adding a content section for IP Deny Manager to where rather than simply denying IPs for the entire site, it might instead allow denying IPs along with set files and/or folders instead, since by being able to read an entry such as you've described for denying access to .htaccess, it is actually going to have to add a Content column in the existing page. If such a Content column is added, it would be nice to be able to specify a Content during the IP deny itself.
     