"It says here that by 1925 we'll all be riding to work on specially bred horses with six legs. Average life expectancy will increase to 41 years, and medical science will enable us to surgically double the size of our ears so that we'll be able to hear as well as bats."
Daze of Our Lives

Blocking IPs w/o Apache Directives

April 15th, 2009 at 11:28 am (Fruit Bats)

apachechiefIt’s considered gauche, not to mention, fruitless, to block ips, but still there are times when brute force is required just to introduce some level of serenity on a site exposed to attack by web server spammers. The provision of subsidiary Apache directives for this purpose usually are not available at the document root level of the web server, so as to avoid unnecessary hits on server performance. In these instances, one has to make do without the handy .htaccess file full of directives to do all sorts of nifty things, among them, blocking ips with the ‘deny from’ command.

An alternative involves using a php script with methods for accomplishing the same objective placed at the head of a file. The targeted objective in this case is not the individual ip address, but ranges encompassing whole countries — as best as can be determined from resources on the web. The resource of interest here is called Country IP Ranges Generator. A target country from the list provided is selected. Next, ‘formatting by input’ is selected. The format to use: {startip}/{netmask}. A complete list is spat out when the “generate” button is clicked. Each line in the list represents a range of possible networks in the country selected. Here is the most current list for the whole of Afghanistan: 


#Afghanistan
58.147.128.0/255.255.224.0
110.34.40.0/255.255.248.0
117.55.192.0/255.255.240.0
117.104.224.0/255.255.248.0
119.59.80.0/255.255.248.0
121.100.48.0/255.255.248.0
121.127.32.0/255.255.224.0
125.213.192.0/255.255.224.0
202.56.176.0/255.255.240.0
202.86.16.0/255.255.240.0
203.174.27.0/255.255.255.0
203.215.32.0/255.255.240.0
210.80.0.0/255.255.224.0
210.80.32.0/255.255.224.0

For larger areas, such as China or the Russia Federation, these lists can be quite long, but still quite manageable. The ip ranges can be used selectively or wholesale depending on one’s policy. If you’re targeting a language group for inclusion in your web service, such as a forum or a weblog, you need to avoid wholesale blocking of countries who might include potential participants of the friendly sort. The thing is, the foes tend to wage their exploits from far-flung areas outside North America, if they can get away with it.
Continue reading “Blocking IPs w/o Apache Directives” »

MediaWiki Short URL Solution for Subdomains

April 8th, 2009 at 4:20 pm (Stubble)

The subdomain is particularly challenging for those who don’t want to be mucking about with httpd.conf files or otherwise cannot. That’s not to say it is less onerous to achieve the same result within the confines of a domain.

Most often, a subdomain, e.g., wiki.blancmange.net, is nothing more than a virtual domain that points to some subdirectory — in this case, wiki — in the htdoc/public_html root of the parent domain, i.e., blancmange.net (www.* is, as a rule, an alias of the parent domain, rather than a subdomain). In these cases, happily, the attainment of short urls involves only two simple steps (distilled from many hopeful but ultimately unworkable solutions). Assuming you have set up a subdomain called wiki.blancmange.net that points to a subdirectory /wiki, you need to:

  • Edit the LocalSettings.php file in the MediaWiki root directory.
  • Edit an .htaccess file that will reside in the same directory

In the LocalSettings.php file you will add or change the following to what was automagically generated during the setup of your MediaWiki install:

  • $wgScriptPath  = “”;
  • $wgArticlePath = “$wgScriptPath/$1″;

Just to be clear, the value assigned to the first variable is a pair of quotes (avoid using the smart quotes in this post).  The one assigned to the second variable is derivative of the first.  The effect is that the url for the main page will look like this:

wiki.blancmange.net/Main_Page

The next step is to add Apache mod_rewrite statements to the .htaccess file.  Here are the statements that seem to make it all happen:

RewriteEngine On
RewriteCond %{HTTP_HOST} wiki.blancmange.net
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ index.php?title=$1 [L,QSA]

The really key bit here is the second statement.  It does depend on permission to use .htaccess files.  With it present where it is, the 404 errors you’ve been confounded by are finally brought to an end.

Additional: add the following line to redirect common links to your wiki, just in case people have linked it that way. Assuming the same subdomain above, you would write the following in the .htaccess file, above the other entry:

RedirectMatch /wiki/(.*)$ http://wiki.blancmange.net/$1

This will forestall broken links, at least to some extent.

It should be noted that this has been achieved on versions 1.14.0 – 1.16.4.