apache access control
Junior Member
Join Date: Oct 2002
Dec 10, 2003, 03:55 PM
 
Hello to everybody.
I'm a newbie and I need a little help.
I installed apache 1.3.28 and I'm now searching for a way to block all external access to my server.
Till now I tried with "basic" auth system, but I want to deny the access w/o requiring any password.
I need the server only as testing environment.
Is it possible?
Thx in advance
.....
jo
.....
     
Mac Elite
Join Date: Dec 1999
Location: Plainview, NY
Dec 10, 2003, 04:30 PM
 
open up /etc/httpd/httpd.conf (you'll need to use sudo and pico, for instance, since you probably won't have permission to open it otherwise)

so, for handholding's sake:

sudo pico /etc/httpd/httpd.conf



now find this:

#
# This should be changed to whatever you set DocumentRoot to.
#


a few lines below you'll see something along these lines...

#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all


change to:

Order deny,allow
Deny from all
Allow from XXX


where XXX is your computer's own ip address, or 127.0.0.1 or localhost if you're on the very computer.
     
Senior User
Join Date: Dec 2002
Dec 10, 2003, 05:47 PM
 
I wonder, can you use the '*' to include a whole subnet? It makes sense..just curious.

i.e. 192.168.2.* or 33.132.*
Travis Sanderson
     
Mac Elite
Join Date: Dec 2001
Location: Atlanta, GA, USA
Dec 10, 2003, 08:29 PM
 
Originally posted by redJag:
I wonder, can you use the '*' to include a whole subnet? It makes sense..just curious.

i.e. 192.168.2.* or 33.132.*
Yup, sort of, but you don't specify the wildcard explicitly. For example, my server's rules:

Code:
<Directory />
    Options FollowSymLinks Includes
    AllowOverride None
    Order Allow,Deny
    Allow from all
    Deny from 170.35
    Deny from 162.39
    Deny from 209.184
</Directory>
So any address that begins with any of the three ranges I specified will receive a "denied" message when trying to access my server.
Mac Pro 2x 2.66 GHz Dual core, Apple TV 160GB, two Windows XP PCs
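
Added example (not from the thread and not Apache's own code): a small Python model of how mod_access in Apache 1.3 combines Order, Allow and Deny, run against the two rule sets posted above. It assumes IPv4 only and handles `all`, full or partial addresses and CIDR, not hostnames such as localhost; the function and variable names are made up for illustration.

```python
import ipaddress

def to_network(spec):
    """Turn an Allow/Deny argument into an IPv4 network ('all' -> 0.0.0.0/0)."""
    if spec.lower() == "all":
        return ipaddress.ip_network("0.0.0.0/0")
    if "/" in spec:
        return ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")
    # A partial address such as 170.35 covers whole octets only: 170.35.0.0/16
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")

def is_allowed(client_ip, order, allow=(), deny=()):
    """Model of the Order/Allow/Deny decision for one client address."""
    ip = ipaddress.ip_address(client_ip)
    allowed = any(ip in to_network(s) for s in allow)
    denied = any(ip in to_network(s) for s in deny)
    if order.replace(" ", "").lower() == "deny,allow":
        # Deny is checked first and Allow overrides it; the default is allow.
        return allowed or not denied
    # allow,deny: Allow is checked first and Deny overrides it; default is deny.
    return allowed and not denied

# Rule sets from the two posts above.
LOCAL_ONLY = dict(order="deny,allow", deny=["all"], allow=["127.0.0.1"])
BLOCKLIST = dict(order="Allow,Deny", allow=["all"],
                 deny=["170.35", "162.39", "209.184"])

if __name__ == "__main__":
    # Client addresses below are constructed for the demonstration.
    for ip in ("127.0.0.1", "192.168.2.10"):
        print("local-only", ip, is_allowed(ip, **LOCAL_ONLY))
    for ip in ("170.35.1.2", "170.3.5.1", "192.0.2.1"):
        print("blocklist ", ip, is_allowed(ip, **BLOCKLIST))
    # Same lists as LOCAL_ONLY but with the Order flipped: nobody gets in,
    # because under allow,deny the "Deny from all" has the final word.
    print("flipped   ", "127.0.0.1",
          is_allowed("127.0.0.1", "allow,deny", allow=["127.0.0.1"], deny=["all"]))
```

The flipped case at the end is the usual way a local-only setup goes wrong: the Allow and Deny lines are right but the Order line was left at `allow,deny`.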
     
ubba  (op)
Junior Member
Join Date: Oct 2002
Dec 11, 2003, 01:33 AM
 
Thx by now, I'll try this evening.

.....
jo
.....
     
ubba  (op)
Junior Member
Join Date: Oct 2002
Dec 12, 2003, 02:34 AM
 
spiky_dog: thx! It works fine!
I cannot show you because my IP is dynamic...

Have another little drop of time for me?
By now I'm managing users root access by "Basic" auth mode. I created the passwords file and added the lines below in http.conf
<Directory /Users>
Authtype Basic
AuthName "Private zone"
AuthUserFile /xxxxx/xxxxx/xxxxx/passwords
Require user xx
</Directory>


Am I wrong? Is there something better than this?

Thanks in advance.

.....
jo
.....
     
Mac Elite
Join Date: Dec 1999
Location: Plainview, NY
Dec 12, 2003, 02:41 AM
 
sorry, i can't help you with this one (or at least no better than the docs themselves), as i only run my server with ip blocking and nothing more. i'm glad that it worked in any case.
     
ubba  (op)
Junior Member
Join Date: Oct 2002
Dec 12, 2003, 02:45 AM
 
spiky_dog: don't worry, you helped me a looooooot! Thx again.

.....
jo
.....
     
Mac Elite
Join Date: Dec 2001
Location: Atlanta, GA, USA
Dec 12, 2003, 10:07 AM
 
Originally posted by ubba:
spiky_dog: thx! It works fine!
I cannot show you because my IP is dynamic...

Have another little drop of time for me?
By now I'm managing users root access by "Basic" auth mode. I created the passwords file and added the lines below in http.conf
<Directory /Users>
Authtype Basic
AuthName "Private zone"
AuthUserFile /xxxxx/xxxxx/xxxxx/passwords
Require user xx
</Directory>


Am I wrong? Is there something better than this?

Thanks in advance.

.....
jo
.....
Basic Auth works fine. However, it does send the passwords in cleartext (well Base64 encoding, but that's easily reversed). You could use Digest mode authentication, which is far more secure, but it's not trivial to get the server to work in that mode. You might be better off enabling SSL and using that in hand with Basic Auth rather than trying to get mod_auth_digest installed and working.
Mac Pro 2x 2.66 GHz Dual core, Apple TV 160GB, two Windows XP PCs
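
Added example (not part of the original post): what the Basic and Digest schemes described above each put on the wire, using the header formats from RFC 2617. The credentials, realm, URI and nonces are constructed sample values, and the Digest calculation is the variant without `qop`.

```python
import base64
import hashlib

def basic_header(user, password):
    """Authorization value a browser sends for Basic auth."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"

def recover_basic_credentials(header):
    """What anyone who can read the request gets back from that header."""
    scheme, token = header.split(" ", 1)
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    # Base64 is an encoding, not encryption: decoding needs no key.
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce):
    """Digest 'response' field: a hash bound to the server's nonce."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

# Constructed sample values, not taken from the thread.
SAMPLE_HEADER = basic_header("jo", "example-password")

if __name__ == "__main__":
    print("Basic header :", SAMPLE_HEADER)
    print("Decoded      :", recover_basic_credentials(SAMPLE_HEADER))
    for nonce in ("nonce-one", "nonce-two"):
        print("Digest reply :", digest_response(
            "jo", "Private zone", "example-password", "GET", "/Users/", nonce))
```

With Basic, every request carries the recoverable password, which is why the post suggests putting SSL underneath it; with Digest, only a per-nonce hash is sent.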
     
ubba  (op)
Junior Member
Join Date: Oct 2002
Dec 12, 2003, 03:56 PM
 
Originally posted by Arkham_c:
Basic Auth works fine. However, it does send the passwords in cleartext (well Base64 encoding, but that's easily reversed). You could use Digest mode authentication, which is far more secure, but it's not trivial to get the server to work in that mode. You might be better off enabling SSL and using that in hand with Basic Auth rather than trying to get mod_auth_digest installed and working.
Can I tell you that I understood nothing?
Oh, it isn't your fault...
Please can you tell me in which part of the Apache manual I can learn more about this subject?
Thx in advance.
.....
jo
.....
     
Mac Elite
Join Date: Dec 2001
Location: Atlanta, GA, USA
Dec 12, 2003, 05:16 PM
 
Originally posted by ubba:
Can I tell you that I understood nothing?
Oh, it isn't your fault...
Please can you tell me in which part of the Apache manual I can learn more about this subject?
Thx in advance.
.....
jo
.....
Digest Authentication:

http://httpd.apache.org/docs/mod/mod_auth_digest.html

SSL:

http://developer.apple.com/internet/macosx/modssl.html

Hope that helps.
Mac Pro 2x 2.66 GHz Dual core, Apple TV 160GB, two Windows XP PCs
     
ubba  (op)
Junior Member
Join Date: Oct 2002
Dec 13, 2003, 07:57 AM
 
Thx Arkham_c!

.....
jo
.....
     
   
All times are GMT -5.
All contents of these forums © 1995-2011 MacNN. All rights reserved.