Board index Linux Networking

how to DENY an IP address in Apache 1.1?

how to DENY an IP address in Apache 1.1?

Post by Bong » Tue, 17 Dec 1996 04:00:00



I'm running a personal server on Apache 1.1, and was wondering how to
DENY access to a certain IP-address, so that the IP-address in
question would not have access to WEB-based information.

where would I add in this info?  I have tried editing the ACCESS.CONF
in the Apache directory, but it doesn't seem to have any effect.

I have been able to DENY everything else in INETD, by editing the
HOSTS.DENY file in /etc, but it doesn't affect Apache.

any help would be appreciated...

--kairyl

http://goonie.dorms.tamu.edu/~bongo/

 
 
 
Top

how to DENY an IP address in Apache 1.1?

Post by Anthony Barl » Tue, 17 Dec 1996 04:00:00



: I'm running a personal server on Apache 1.1, and was wondering how to
: DENY access to a certain IP-address, so that the IP-address in
: question would not have access to WEB-based information.

: where would I add in this info?  I have tried editing the ACCESS.CONF
: in the Apache directory, but it doesn't seem to have any effect.

# access.conf: Global access configuration

# /usr/local/etc/httpd/ should be changed to whatever you set ServerRoot to.
<Directory /etc/httpd>
Options Indexes FollowSymLinks
</Directory>

<Directory /path/to/limit>
<Limit>
order deny,allow                 # Deny everyone
deny from all
allow from 194.207.68 194.207.69 # but allows these class C's to access
</Limit>
</Directory>

The re-load httpd

: I have been able to DENY everything else in INETD, by editing the
: HOSTS.DENY file in /etc, but it doesn't affect Apache.

--

Warp Drive Internet Services Ltd. Tel: 01772-315-151  Fax: 01772-314-141
Dialup SLIP/PPP access, WWW design, Web space, FTP Space, UUCP, News Feeds,
Leased Lines, Domain Registrations... and more! Yes we do sell to re-sellers.

        Tel: 01772-315-151 Fax: 01772-314-141  http://www.warp.co.uk/

Unsolicited bulk e-mail ads are delivered to the silicon bit bucket in the sky

 
 
 
Top

1. Apache "allow/deny access by IP address" question (& other config questions...)

For the past two years, I have been running CERN's httpd, but have recently
begun to contemplate switching to Apache 1.05 (most recent non-beta release).
I've got the source code, have compiled it, and am now poring over the
documentation and configuration options.  Once I'm satisfied that Apache is
running well on the Solaris 2.4 box that it's on (serving a small document and
CGI tree for testing purposes), I want to turn the entire document/CGI set
from the CERN server over to the Apache server.
Before I can attempt to do this, I have a few questions:

The first has to do with restricting access to document and CGI trees based on
the browser's IP address.  With the CERN httpd, a few "protect" rules and a
few files containing "mask-group  <ip addr mask>,..." did the trick.
The Apache docs seem to offer little information about authentication, and
what's there seems to be focussed entirely on username/password schemes.

Secondly, unless I'm missing something in the docs, can I assume that I can't
do the equivalent of CERN's "pass" rules?  These let me map different document
trees (located anywhere in my machine's filesystems) to different URL paths.
Eg.  In my current CERN setup, all URLs of form www.lhsc.on.ca/ map to
/www/doc, but www.lhsc.on.ca/priv/ actually comes from /www/priv.  This allows
me to keep the file trees nice and separate, even if everything ends up in
one URL tree.  I'd prefer to avoid NOT having to use symlinks to get the job
done under Apache.

If these questions require more details, please let me know.  My typing
fingers are tired this morning, so I haven't included many here.

Thanks,

..Steve

--
Steve van der Burg
Technical Analyst, Information Services
London Health Sciences Centre
London, Ontario, Canada
Tel: +1 519 663-3300 x 5559

WWW: http://www.lhsc.on.ca/~vanderbg/

2. Help with Diskless Boot

3. Denying access to IP address on whole domain in Apache?

4. Books on Linux / Unix Security and Firewalls

5. Apache_1.1.1 ServerPath for non IP addresses

6. Creative GeForce Video Card

7. Please can you help me with CGI in Apache 1.1 (same question with email address)

8. Information about using ssl

9. Apache 1.1(b3..but soon the release) And Virtual Hosts: Same IP, DIfferent Port

10. How to put HTTP/1.1 401 Access Denied to responce in CGI script

11. Denying/Allowing telnet connections by ip address

12. Changing IP address on Solaris 9 with multiple virtual IP addresses

13. WANTED: pingmac <IP ADDR> which returns <MAC ADDRESS of IP ADDRESS>


All times are UTC
Board index