Question: Access Control with NCSA httpd 1.4.2

Question: Access Control with NCSA httpd 1.4.2

Post by Randal Gla » Wed, 19 Jul 1995 04:00:00



I am having a small problem with access control that I hope some
of you out there can help me with. I am running NSCA httpd 1.4.2 pre-forked,
on SunOs 4.1.3. I have a directory with a .htaccess file that looks like
this:

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName Testthis
AuthType Basic

<Limit GET>
order deny,allow
deny from all
allow from .asel.udel.edu
#allow from 128.175.51.
</Limit>

Options Indexes FollowSymLinks

So, by the above, I should be limiting access to hosts in my domain (.asel
.udel.edu) right? Well, for some reason this causes _all_ hosts to be
denied access, regardless of whether they are in our domain or not. However,
if I comment out the first "allow from..." line, and uncomment the line
below it, all is well, and works like it should. So, I guess my question is:
What am I doing wrong, or what must be fixed? I would really prefer to use
naming instead of IP addresses, but I suppose I _could_ live with numbers if
need be...

Another weird thing - I _swear_ it was working right yesterday! :)

Thank you all in advance for your helpful replies,


Rehabilitation Robotics Group / Applied Science & Engineering Laboratories
Alfred I. duPont Institute / Univ. of Delaware / Wilmington, Del. USA

 
 
 

Question: Access Control with NCSA httpd 1.4.2

Post by Rick Ba » Fri, 21 Jul 1995 04:00:00



says...
...
Quote:>order deny,allow
>deny from all
>allow from .asel.udel.edu
>#allow from 128.175.51.

...
try the following:

allow from asel.udel.edu

The leading period on the domain name is probably throwing it off.

Hope this helps!

- Rick Barr
  CIS Repository Services
  EDS

 
 
 

Question: Access Control with NCSA httpd 1.4.2

Post by Greg Smi » Wed, 26 Jul 1995 04:00:00



Quote:

>...

>So, by the above, I should be limiting access to hosts in my domain (.asel
>.udel.edu) right? Well, for some reason this causes _all_ hosts to be
>denied access, regardless of whether they are in our domain or not. However,
>if I comment out the first "allow from..." line, and uncomment the line
>below it, all is well, and works like it should. So, I guess my question is:
>What am I doing wrong, or what must be fixed? I would really prefer to use
>naming instead of IP addresses, but I suppose I _could_ live with numbers if
>need be...

>...

I am having the very same problem with NCSA httpd 1.4.2 on
Solaris 2.4 (SunOS 4.1.3_U1).  The access control by domain
name does work on our RS/6000 running AIX with an earlier
version of NCSA httpd. Does anyone know why the 1.4.2
version doesn't provide domain name access on Solaris?

======================================================

http://mimir.gsfc.nasa.gov/
Gregory A. Smith                       (301) 731-8930
Unisys Corp., Goddard Facility    FAX: (301) 731-8603
======================================================

 
 
 

Question: Access Control with NCSA httpd 1.4.2

Post by Greg Smi » Wed, 26 Jul 1995 04:00:00



says...


>says...
>...
>>order deny,allow
>>deny from all
>>allow from .asel.udel.edu
>>#allow from 128.175.51.
>...
>try the following:

>allow from asel.udel.edu

>The leading period on the domain name is probably throwing it off.

>Hope this helps!

The leading period is necessary if you are specifying
a domain.

======================================================

http://mimir.gsfc.nasa.gov/
Gregory A. Smith                       (301) 731-8930
Unisys Corp., Goddard Facility    FAX: (301) 731-8603
======================================================

 
 
 

Question: Access Control with NCSA httpd 1.4.2

Post by David Orcha » Thu, 03 Aug 1995 04:00:00


I'm having the same problem with NCSA httpd 1.4.2 on Solaris 2.4.  I
tried the . in front of the domain name.  I noticed that the
access_log file lists the access as the short name rather than the
fully qualified domain name.  Seems that NCSA usees gethostbyname,
which is returning the NIS entry which has the short name first.
We're using NIS rather than NIS+.  I'm not sure how to force
gethostbyname to return the FQDN.

Any thoughts?

Dave
MacDonald Dettwiler & Assoc.
Richmond BC, Canada

http://haven.uniserver.com/~orchard/homepage.html


: >
: >...
: >
: >So, by the above, I should be limiting access to hosts in my domain (.asel
: >.udel.edu) right? Well, for some reason this causes _all_ hosts to be
: >denied access, regardless of whether they are in our domain or not. However,
: >if I comment out the first "allow from..." line, and uncomment the line
: >below it, all is well, and works like it should. So, I guess my question is:
: >What am I doing wrong, or what must be fixed? I would really prefer to use
: >naming instead of IP addresses, but I suppose I _could_ live with numbers if
: >need be...
: >
: >...
: >

: I am having the very same problem with NCSA httpd 1.4.2 on
: Solaris 2.4 (SunOS 4.1.3_U1).  The access control by domain
: name does work on our RS/6000 running AIX with an earlier
: version of NCSA httpd. Does anyone know why the 1.4.2
: version doesn't provide domain name access on Solaris?

: ======================================================

: http://mimir.gsfc.nasa.gov/
: Gregory A. Smith                       (301) 731-8930
: Unisys Corp., Goddard Facility    FAX: (301) 731-8603
: ======================================================

 
 
 

Question: Access Control with NCSA httpd 1.4.2

Post by Greg Smi » Thu, 03 Aug 1995 04:00:00



says...


>>...

>>So, by the above, I should be limiting access to hosts in my domain (.asel
>>.udel.edu) right? Well, for some reason this causes _all_ hosts to be
>>denied access, regardless of whether they are in our domain or not. However,
>>if I comment out the first "allow from..." line, and uncomment the line
>>below it, all is well, and works like it should. So, I guess my question is:
>>What am I doing wrong, or what must be fixed? I would really prefer to use
>>naming instead of IP addresses, but I suppose I _could_ live with numbers if
>>need be...

>>...

>I am having the very same problem with NCSA httpd 1.4.2 on
>Solaris 2.4 (SunOS 4.1.3_U1).  The access control by domain
>name does work on our RS/6000 running AIX with an earlier
>version of NCSA httpd. Does anyone know why the 1.4.2
>version doesn't provide domain name access on Solaris?

The problem was solved when we realized that some of our
user node names in the access log were not fully qualified
domain names (thanks to Dave Orchard).

The names had been placed in the /etc/hosts file with the
short name preceding the FQDN.  By reversing the order for
these entries (i.e., IP address, FQDN, short name) in
/etc/hosts, the FQDN was picked up by the httpd server and
domain access was granted.

======================================================

http://mimir.gsfc.nasa.gov/
Gregory A. Smith                       (301) 731-8930
Unisys Corp., Goddard Facility    FAX: (301) 731-8603
======================================================

 
 
 

1. Access Control with NCSA httpd 1.4

Is it possible to restrict access in the following way:  I want the directory
to be available to some IP numbers (like 141.211) and, if the remote IP number
is not allowed, to have the option of user authentication.  So, in this case,
someone from 141.211 gets in and someone not from 141.211 is prompted for a
user name and password.  I know how to do each of these things, but not both
together in the manner that I want; i.e. I can first narrow entrants to 141.211
and then prompt everyone for name/password, but this is not what I want:

<Limit GET>
order deny,allow
deny from all
allow 141.211.
require group outside_users
</Limit>

Thanks for any help.

--
-----------------------------------------------------------------------

Department of Economics    http://mqem.econ.lsa.umich.edu/~noah/
University of Michigan     Office telephone: (313) 764-2567

2. deny hosts

3. Implementing domain access control in NCSA httpd

4. Bourne shell script affecting current shell with arguments

5. Controlling access with NCSA httpd

6. PIPES

7. Access control with NCSA httpd 1.5a?

8. mush/cdrom

9. Controlling access with NCSA httpd

10. Directory control by access.conf & .htacces NCSA httpd

11. NCSA HTTPd NCSA/1.5.0a CGI question

12. NCSA httpd: Controlling # of Forks?

13. Access Configuration with apache/ncsa-httpd