Planet Skyron

It’s considered gauche, not to mention, fruitless, to block ips, but still there are times when brute force is required just to introduce some level of serenity on a site exposed to attack by web server spammers. The provision of subsidiary Apache directives for this purpose usually are not available at the document root level of the web server, so as to avoid unnecessary hits on server performance. In these instances, one has to make do without the handy .htaccess file full of directives to do all sorts of nifty things, among them, blocking ips with the ‘deny from’ command.

An alternative involves using a php script with methods for accomplishing the same objective placed at the head of a file. The targeted objective in this case is not the individual ip address, but ranges encompassing whole countries — as best as can be determined from resources on the web. The resource of interest here is called Country IP Ranges Generator. A target country from the list provided is selected. Next, ‘formatting by input’ is selected. The format to use: {startip}/{netmask}. A complete list is spat out when the “generate” button is clicked. Each line in the list represents a range of possible networks in the country selected. Here is the most current list for the whole of Afghanistan:

#Afghanistan
58.147.128.0/255.255.224.0
110.34.40.0/255.255.248.0
117.55.192.0/255.255.240.0
117.104.224.0/255.255.248.0
119.59.80.0/255.255.248.0
121.100.48.0/255.255.248.0
121.127.32.0/255.255.224.0
125.213.192.0/255.255.224.0
202.56.176.0/255.255.240.0
202.86.16.0/255.255.240.0
203.174.27.0/255.255.255.0
203.215.32.0/255.255.240.0
210.80.0.0/255.255.224.0
210.80.32.0/255.255.224.0

For larger areas, such as China or the Russia Federation, these lists can be quite long, but still quite manageable. The ip ranges can be used selectively or wholesale depending on one’s policy. If you’re targeting a language group for inclusion in your web service, such as a forum or a weblog, you need to avoid wholesale blocking of countries who might include potential participants of the friendly sort. The thing is, the foes tend to wage their exploits from far-flung areas outside North America, if they can get away with it.
Read the rest of this entry »

The subdomain is particularly challenging for those who don’t want to be mucking about with httpd.conf files or otherwise cannot. That’s not to say it is less onerous to achieve the same result within the confines of a domain.

Most often, a subdomain, e.g., wiki.blancmange.net, is nothing more than a virtual domain that points to some subdirectory in the htdoc/public_html root of the parent domain, i.e., blancmange.net (www.* is, as a rule, an alias of the parent domain, rather than a subdomain). In these cases, happily, the attainment of short urls involves only two simple steps (distilled from many hopeful but ultimately unworkable solutions):

• Edit the LocalSettings.php file in the MediaWiki root directory.
• Edit an .htaccess file that will reside in the same directory

In the LocalSettings.php file you will add or change the following to what was automagically generated during the setup of your MediaWiki install:

• $wgScriptPath  = “”;
• $wgArticlePath = “$wgScriptPath/$1″;

Just to be clear, the value assigned to the first variable is a pair of quotes (avoid using the smart quotes in this post).  The one assigned to the second variable is derivative of the first.  The effect is that the url for the main page will look like this:

wiki.blancmange.net/Main_Page

The next step is to add Apache mod_rewrite statements to the .htaccess file.  Here are the statements that seem to make it all happen:

RewriteEngine On
RewriteCond %{HTTP_HOST} wiki.blancmange.net
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ index.php?title=$1 [L,QSA]

The really key bit here is the second statement.  With it present where it is, the 404 errors you’ve been confounded by are finally brought to an end.

It should be noted that this was achieved on version 1.14.0.