cd34
06-03-2002, 07:33 AM
Just pulled a rule out of an .htaccess on a guy's machine that was running UCJ. It's a rule that almost any CJ script might be tempted to use because it falls under a post of a generic .htaccess that is used to stop hitbotters.
The .htaccess contained the line:
deny from twnic.net
From what I could see, this was posted on another CJ site's board as a way to stop hitbotters.
Here's the flaw with that.
When you want a high performance Apache server, you turn off DNS -- DNS resolution takes time, allocates sockets and does a wait for up to 27 seconds PER query until it logs it. It doesn't hold up processing until it runs out of available sockets and soon your machine is servicing DNS requests rather than Web Requests -- certainly not what you want.
But my host turned off DNS -- he told me so.
Yes, but Apache in its infinite wisdom doesn't know how to deny from twnic.net without doing a DNS request for ANY request on that virtual host that resides in or below the directory containing the .htaccess.
What's worse is that most of twnic.net's sites don't have a valid reverse entry or have an entry that reverse maps to a school web site. As a result, the rule really has little effect except to slow down your server.
deny from 192.83.166
is a little better as it appears that twnic.net only has a /24 allocated to them.
This really applies to any .htaccess that contains a deny with any actual hostname rather than an IP. This is only when you do a deny from -- this doesn't affect mod_rewrite http_referrer rules, etc.
So, you might want to take a look at your .htaccess to make sure you don't have any deny from's that contain hostnames -- if so, comment them out and try to find the IP address block that belongs to the site in question.
If you have access to a Unix shell account, you can do something similar to:
mcd@mcdlp:~$ host twnic.net
twnic.net A 192.83.166.11
mcd@mcdlp:~$ whois 192.83.166.0
Ministry of Education Computer Center (NET-TANET-BINET2)
12th Fl, 106, Hoping E. Road, Sec 2.
Taiwan Republic of China, R.O.C
TW
Netname: TANET-CNET2
Netblock: 192.83.166.0 - 192.83.166.255
Then note the netblock -- most of the time it will tell you the number of IP addresses allocated to the host in question.
You might need to substitute nslookup for host in the above example depending on your ISP.
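An added example, not part of the original post: a small Python audit that finds the hostname-based rules described above in .htaccess files so they can be replaced with IP blocks. It also checks `allow from`, which takes the same argument forms; the function names and the sample file are constructed for illustration.

```python
import re
from pathlib import Path

# "Deny from ..." / "Allow from ..." (directive names are case-insensitive).
DIRECTIVE = re.compile(r"^\s*(deny|allow)\s+from\s+(.+?)\s*$", re.IGNORECASE)
# Full or partial IPv4 address, optionally followed by /prefix or /netmask.
NUMERIC_V4 = re.compile(r"^\d{1,3}(\.\d{1,3}){0,3}\.?(/[\d.]+)?$")

def needs_dns(arg):
    """True when an argument can only be matched by resolving the client's name."""
    a = arg.lower()
    if a == "all" or a.startswith("env=") or ":" in a:   # ":" means IPv6
        return False
    return NUMERIC_V4.match(a) is None

def hostname_rules(text):
    """Return (line_number, directive, hostname) for every name-based rule."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = DIRECTIVE.match(line)     # lines commented out with "#" never match
        if not m:
            continue
        for arg in m.group(2).split():
            if needs_dns(arg):
                findings.append((lineno, m.group(1).lower(), arg))
    return findings

def audit_tree(root):
    """Scan every .htaccess below root; map file path -> findings."""
    report = {}
    for path in sorted(Path(root).rglob(".htaccess")):
        found = hostname_rules(path.read_text(errors="replace"))
        if found:
            report[str(path)] = found
    return report

# Constructed sample: the two rules from the post plus other argument forms.
SAMPLE = """\
# stop hitbotters
deny from twnic.net
deny from 192.83.166
Deny from 10.1.0.0/16 .example.org
# deny from old.example.com
Allow from env=let_me_in
"""

if __name__ == "__main__":
    for lineno, directive, host in hostname_rules(SAMPLE):
        print(f"line {lineno}: '{directive} from {host}' needs a DNS lookup")
```

Point `audit_tree()` at a document root to get the same findings per file; each reported hostname is a candidate for the `host` / `whois` lookup shown in the post.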