mitchellkrogza / apache-ultimate-bad-bot-blocker

Apache Block Bad Bots, (Referer) Spam Referrer Blocker, Vulnerability Scanners, Malware, Adware, Ransomware, Malicious Sites, Wordpress Theme Detectors and Fail2Ban Jail for Repeat Offenders
Other
826 stars 181 forks source link

[INSTALLATION] More Issues with Apache #209

Open s22-tech opened 3 months ago

s22-tech commented 3 months ago

Apparently, the problems I'm having with this script go much deeper than I reported before. Even though the tests I ran were successful in blocking a test agent or a referer from the cli, looking in Apache's error_log shows a massive amount of lines like this:

% tail -f /var/log/apache2/error_log
...
2024-08-13 02:41:40.539364 [INFO] [3554907] [T0] [xxx.xxx.xxx.xxx:34390#APVH_domain.com:443] [ACL] Access to context [/] is denied!
...

Not only that, but this script also prevents a deflector map script of mine from working. When I pull globalblacklist from httpd.conf, all those messages stop and my other script starts working again.

To test further, I deleted all custom data (while leaving the files in place, as instructed) but that didn't stop the problems. Even with only a stock globalblacklist.conf file, the problems continued. So, unless there's a problem with this script that no one else has reported (doubtful), the only thing I can think of is the way I'm calling this script is wrong.

cPanel says to not alter httpd.conf and to use WHM to add additional code to one of the following sections at Home / Service Configuration / Apache Configuration / Include Editor:

Pre Main Include Pre Virtual Host Include Post Virtual Host Include

Include File Location: /etc/apache2/conf.d/includes

so I added the following code to the Post Virtual Host Include section:

# ######################################
# GLOBAL! deny bad bots and IP addresses
# ######################################
#
# Should be set after <VirtualHost>s.  See https://httpd.apache.org/docs/2.4/sections.html#merging
<Location "/">
# AND-combine with preceding configuration sections  
AuthMerging And
# Include blacklist.
Include /etc/apache2/custom.d/globalblacklist.conf
</Location>

Notice the absolute path. If I use the relative paths suggested (also inside globalblacklist.conf), I get the following errors:

2024-08-13 02:43:37.235530 [ERROR] [3557585] [T0] [/etc/apache2/custom.d/globalblacklist.conf:8445] Failed to get absolute path for [/usr/local/apache/custom.d/whitelist-ips.conf/(null)]!
2024-08-13 02:43:37.235495 [ERROR] [3557585] [T0] [/etc/apache2/custom.d/globalblacklist.conf:8421] Failed to get absolute path for [/usr/local/apache/custom.d/blacklist-ips.conf/(null)]!
2024-08-13 02:43:37.214596 [ERROR] [3557585] [T0] [/etc/apache2/custom.d/globalblacklist.conf:928] Failed to get absolute path for [/usr/local/apache/custom.d/bad-referrer-words.conf/(null)]!
2024-08-13 02:43:37.214588 [ERROR] [3557585] [T0] [/etc/apache2/custom.d/globalblacklist.conf:858] Failed to get absolute path for [/usr/local/apache/custom.d/whitelist-domains.conf/(null)]!
2024-08-13 02:43:37.214569 [ERROR] [3557585] [T0] [/etc/apache2/custom.d/globalblacklist.conf:844] Failed to get absolute path for [/usr/local/apache/custom.d/blacklist-user-agents.conf/(null)]!

I would REALLY like to use this script. Does anyone have a clue as to what's going on? Is anyone else experiencing anything similar? If you've never looked at your error_log, you should just to see if you get the same results. Run tail (with sudo or as root) and let it sit for awhile to watch messages accumulate and see what shows up:

% tail -f /var/log/apache2/error_log

Any clues would be greatly appreciated. I'd really like to put this issue to bed once and for all.

Thanks! Marc

OS: CloudLinux 8.10.0 Apache Version: 2.4.62 cPanel: 120.0.15