Very Computer

I am having a small problem with access control that I hope some
of you out there can help me with. I am running NSCA httpd 1.4.2 pre-forked,
on SunOs 4.1.3. I have a directory with a .htaccess file that looks like
this:

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName Testthis
AuthType Basic

<Limit GET>
order deny,allow
deny from all
allow from .asel.udel.edu
#allow from 128.175.51.
</Limit>

Options Indexes FollowSymLinks

So, by the above, I should be limiting access to hosts in my domain (.asel
.udel.edu) right? Well, for some reason this causes _all_ hosts to be
denied access, regardless of whether they are in our domain or not. However,
if I comment out the first "allow from..." line, and uncomment the line
below it, all is well, and works like it should. So, I guess my question is:
What am I doing wrong, or what must be fixed? I would really prefer to use
naming instead of IP addresses, but I suppose I _could_ live with numbers if
need be...

Another weird thing - I _swear_ it was working right yesterday! :)

Thank you all in advance for your helpful replies,

Rehabilitation Robotics Group / Applied Science & Engineering Laboratories
Alfred I. duPont Institute / Univ. of Delaware / Wilmington, Del. USA

Quote:>order deny,allow
>deny from all
>allow from .asel.udel.edu
>#allow from 128.175.51.

allow from asel.udel.edu

The leading period on the domain name is probably throwing it off.

Hope this helps!

- Rick Barr
  CIS Repository Services
  EDS

Quote:

>...

>So, by the above, I should be limiting access to hosts in my domain (.asel
>.udel.edu) right? Well, for some reason this causes _all_ hosts to be
>denied access, regardless of whether they are in our domain or not. However,
>if I comment out the first "allow from..." line, and uncomment the line
>below it, all is well, and works like it should. So, I guess my question is:
>What am I doing wrong, or what must be fixed? I would really prefer to use
>naming instead of IP addresses, but I suppose I _could_ live with numbers if
>need be...

>...

======================================================

http://mimir.gsfc.nasa.gov/
Gregory A. Smith                       (301) 731-8930
Unisys Corp., Goddard Facility    FAX: (301) 731-8603
======================================================

======================================================

http://mimir.gsfc.nasa.gov/
Gregory A. Smith                       (301) 731-8930
Unisys Corp., Goddard Facility    FAX: (301) 731-8603
======================================================

Any thoughts?

Dave
MacDonald Dettwiler & Assoc.
Richmond BC, Canada

http://haven.uniserver.com/~orchard/homepage.html

: >
: >...
: >
: >So, by the above, I should be limiting access to hosts in my domain (.asel
: >.udel.edu) right? Well, for some reason this causes _all_ hosts to be
: >denied access, regardless of whether they are in our domain or not. However,
: >if I comment out the first "allow from..." line, and uncomment the line
: >below it, all is well, and works like it should. So, I guess my question is:
: >What am I doing wrong, or what must be fixed? I would really prefer to use
: >naming instead of IP addresses, but I suppose I _could_ live with numbers if
: >need be...
: >
: >...
: >

: I am having the very same problem with NCSA httpd 1.4.2 on
: Solaris 2.4 (SunOS 4.1.3_U1).  The access control by domain
: name does work on our RS/6000 running AIX with an earlier
: version of NCSA httpd. Does anyone know why the 1.4.2
: version doesn't provide domain name access on Solaris?

: ======================================================

: http://mimir.gsfc.nasa.gov/
: Gregory A. Smith                       (301) 731-8930
: Unisys Corp., Goddard Facility    FAX: (301) 731-8603
: ======================================================

The names had been placed in the /etc/hosts file with the
short name preceding the FQDN.  By reversing the order for
these entries (i.e., IP address, FQDN, short name) in
/etc/hosts, the FQDN was picked up by the httpd server and
domain access was granted.

======================================================

http://mimir.gsfc.nasa.gov/
Gregory A. Smith                       (301) 731-8930
Unisys Corp., Goddard Facility    FAX: (301) 731-8603
======================================================