You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Luís de Sousa <lu...@gmail.com> on 2012/06/12 11:55:00 UTC
[users@httpd] Access rules in an intranet
Dear all,
I'm configuring a server to which I have ssh access through an intranet.
I'd like to open access to all nodes in the same IP range as mine to a
particular application (phppgadmin). In the .conf file I have the following:
order allow,deny
deny from all
allow from 10.215.xxx.xxx
But this way I get the Forbidden error in the browser. I've also tried with:
order allow,deny
deny from all
allow from 10.215
And even by specifying my IP:
order allow,deny
deny from all
allow from 10.215.1.119
Still, I get the Forbidden error. The only way I found out to access this
application is by using "allow from all", which is not acceptable since
this server will be going to the DMZ sometime.
What am I doing wrong? Any further information I can provide to solve this
issue?
Thank you.
Re: [users@httpd] Access rules in an intranet
Posted by Anam Ali Khan <an...@yahoo.com>.
I think you don't need to use <DirectoryMatch> option in your config file. Replace <DirectoryMatch> with <Directory> option and add following code in it.
Order deny,allow
deny from all
allow from 10.215.1.0</Directory
-Anam
________________________________
From: Luís de Sousa <lu...@gmail.com>
To: users@httpd.apache.org; Anam Ali Khan <an...@yahoo.com>
Sent: Thursday, 14 June 2012, 12:19
Subject: Re: [users@httpd] Access rules in an intranet
Hi Anam,
The config file has only two blocks: DirectoryMatch and IfModule, organised like this:
<DirectoryMatch /usr/share/phppgadmin/>
...
<IfModule mod_php4.c>
...
</IfModule>
...
</DirectoryMatch>
Where exactly should I put the Directory block?
Thank you.
On 13 June 2012 19:18, Anam Ali Khan <an...@yahoo.com> wrote:
Hi,
>
>
>Insert "Directory" block in virtual host container (configuration). It seems you have added in that area where <Directory> option is not allowed.
>
>
>-Anam
>
>
Re: [users@httpd] Access rules in an intranet
Posted by Luís de Sousa <lu...@gmail.com>.
Hi Anam,
The config file has only two blocks: DirectoryMatch and IfModule, organised
like this:
<DirectoryMatch /usr/share/phppgadmin/>
...
<IfModule mod_php4.c>
...
</IfModule>
...
</DirectoryMatch>
Where exactly should I put the Directory block?
Thank you.
On 13 June 2012 19:18, Anam Ali Khan <an...@yahoo.com> wrote:
> Hi,
>
> Insert "Directory" block in virtual host container (configuration). It
> seems you have added in that area where <Directory> option is not allowed.
>
> -Anam
>
>
Re: [users@httpd] Access rules in an intranet
Posted by Anam Ali Khan <an...@yahoo.com>.
Hi,
Insert "Directory" block in virtual host container (configuration). It seems you have added in that area where <Directory> option is not allowed.
-Anam
________________________________
From: Luís de Sousa <lu...@gmail.com>
To: users@httpd.apache.org; Anam Ali Khan <an...@yahoo.com>
Sent: Wednesday, 13 June 2012, 11:52
Subject: Re: [users@httpd] Access rules in an intranet
Hi Anam,
Apache complains about it: "Directory not allowed here". I suppose it doesn't like having two nested Directory blocks.
Thank you in any case.
On 12 June 2012 20:54, Anam Ali Khan <an...@yahoo.com> wrote:
Try the following configuration:
>
>
><Directory "phppgadmin location>
>Order deny,allow
>deny from all
>allow from 10.215.1.0
></Directory>
>
>
>Replace "phppgadmin location" with the actual location whereyou have installed your application.
>
>
>Hope it will solve :)
>
>
>
>-Anam
>
>
>
Re: [users@httpd] Access rules in an intranet
Posted by Luís de Sousa <lu...@gmail.com>.
Hi Anam,
Apache complains about it: "Directory not allowed here". I suppose it
doesn't like having two nested Directory blocks.
Thank you in any case.
On 12 June 2012 20:54, Anam Ali Khan <an...@yahoo.com> wrote:
> Try the following configuration:
>
> <Directory "phppgadmin location>
> Order deny,allow
> deny from all
> allow from 10.215.1.0
> </Directory>
>
> Replace "phppgadmin location" with the actual location whereyou have
> installed your application.
>
> Hope it will solve :)
>
> -Anam
>
>
Re: [users@httpd] Access rules in an intranet
Posted by Anam Ali Khan <an...@yahoo.com>.
Try the following configuration:
<Directory "phppgadmin location>
Order deny,allow
deny from all
allow from 10.215.1.0
</Directory>
Replace "phppgadmin location" with the actual location whereyou have installed your application.
Hope it will solve :)
-Anam
________________________________
From: Luís de Sousa <lu...@gmail.com>
To: users@httpd.apache.org
Sent: Tuesday, 12 June 2012, 14:55
Subject: [users@httpd] Access rules in an intranet
Dear all,
I'm configuring a server to which I have ssh access through an intranet. I'd like to open access to all nodes in the same IP range as mine to a particular application (phppgadmin). In the .conf file I have the following:
order allow,deny
deny from all
allow from 10.215.xxx.xxx
But this way I get the Forbidden error in the browser. I've also tried with:
order allow,deny
deny from all
allow from 10.215
And even by specifying my IP:
order allow,deny
deny from all
allow from 10.215.1.119
Still, I get the Forbidden error. The only way I found out to access this application is by using "allow from all", which is not acceptable since this server will be going to the DMZ sometime.
What am I doing wrong? Any further information I can provide to solve this issue?
Thank you.
Re: [users@httpd] Access rules in an intranet
Posted by Luís de Sousa <lu...@gmail.com>.
Hi Toomas,
Indeed, using netstat I could verify that when I'm connect to other
services on that server the access IP is 158.64.4.14. I have no idea how,
but some proxy must be in between, since there's configured in the browser.
Knowing that the IP in the error log is that of the incoming request was
able to configure the access to pgphpadmin correctly.
Thank you very much,
Luís
On 15 June 2012 06:53, Toomas Aas <to...@raad.tartu.ee> wrote:
> Wed, 13 Jun 2012 kirjutas Luís de Sousa <lu...@gmail.com>:
>
>
> For each access to the phppgadmin folder I'm getting this line at the
>> error
>> log:
>>
>> 158.64.4.14 - - [13/Jun/2012:08:51:21 +0200] "GET /phppgadmin/ HTTP/1.1"
>> 403 510 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:13.0)
>> Gecko/20100101 Firefox/13.0"
>>
>
> Your configuration directives allow access from 10.215.xxx.xxx, but when
> you actually access the site, requests come from 158.64.4.14. Maybe your
> browser is using a proxy?
>
> --
> Toomas Aas
>
Re: [users@httpd] Access rules in an intranet
Posted by Toomas Aas <to...@raad.tartu.ee>.
Wed, 13 Jun 2012 kirjutas Luís de Sousa <lu...@gmail.com>:
> For each access to the phppgadmin folder I'm getting this line at the error
> log:
>
> 158.64.4.14 - - [13/Jun/2012:08:51:21 +0200] "GET /phppgadmin/ HTTP/1.1"
> 403 510 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:13.0)
> Gecko/20100101 Firefox/13.0"
Your configuration directives allow access from 10.215.xxx.xxx, but
when you actually access the site, requests come from 158.64.4.14.
Maybe your browser is using a proxy?
--
Toomas Aas
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Access rules in an intranet
Posted by Luís de Sousa <lu...@gmail.com>.
Hi Eric,
For each access to the phppgadmin folder I'm getting this line at the error
log:
158.64.4.14 - - [13/Jun/2012:08:51:21 +0200] "GET /phppgadmin/ HTTP/1.1"
403 510 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:13.0)
Gecko/20100101 Firefox/13.0"
It doesn't say much to me. Thank you for answering.
On 12 June 2012 16:50, Eric Covener <co...@gmail.com> wrote:
>
> What do your error and access log say?
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] Access rules in an intranet
Posted by Eric Covener <co...@gmail.com>.
On Tue, Jun 12, 2012 at 9:27 AM, Luís de Sousa
<lu...@gmail.com> wrote:
> Hi Eric,
>
> Reading the documentation, it seems to me it shouldn't make a difference. In
> any case trying with this configuration:
>
> order Deny,Allow
> Allow from 10.215
> Deny from all
>
> Doesn't the solve the problem either.
What do your error and access log say?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Access rules in an intranet
Posted by Luís de Sousa <lu...@gmail.com>.
Hi Eric,
Reading the documentation, it seems to me it shouldn't make a difference.
In any case trying with this configuration:
order Deny,Allow
Allow from 10.215
Deny from all
Doesn't the solve the problem either.
Thank you and regards.
On 12 June 2012 14:14, Eric Covener <co...@gmail.com> wrote:
> On Tue, Jun 12, 2012 at 5:55 AM, Luís de Sousa
> <lu...@gmail.com> wrote:
> > Dear all,
> >
> > I'm configuring a server to which I have ssh access through an intranet.
> I'd
> > like to open access to all nodes in the same IP range as mine to a
> > particular application (phppgadmin). In the .conf file I have the
> following:
> >
> > order allow,deny
> > deny from all
> > allow from 10.215.xxx.xxx
>
> In all your attempts, and the other reply, the "deny from all" is
> processed after the "allow" due to the Order directive.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] Access rules in an intranet
Posted by Eric Covener <co...@gmail.com>.
On Tue, Jun 12, 2012 at 5:55 AM, Luís de Sousa
<lu...@gmail.com> wrote:
> Dear all,
>
> I'm configuring a server to which I have ssh access through an intranet. I'd
> like to open access to all nodes in the same IP range as mine to a
> particular application (phppgadmin). In the .conf file I have the following:
>
> order allow,deny
> deny from all
> allow from 10.215.xxx.xxx
In all your attempts, and the other reply, the "deny from all" is
processed after the "allow" due to the Order directive.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Access rules in an intranet
Posted by Luís de Sousa <lu...@gmail.com>.
Thank you for the reply Rajeev.
Unfortunately<http://duckduckgo.com/?q=unfortunately&ky=%23282828&kj=b2&kx=%23EE9D55&kl=wt-wt&k7=%23464545&k8=%23EFEFEF&k9=%23EDD400&kaa=%238AE234>
it
doesn't work that way either. Regards.
On 12 June 2012 12:05, Rajeev Kumar <rk...@gmail.com> wrote:
> Hi Luis,
>
> Please try with the below order. Hope this helps
>
>
> order Allow,Deny
> Allow from 10.215
> Deny from all
>
> Thanks
>
>
> On Tue, Jun 12, 2012 at 5:55 AM, Luís de Sousa <lu...@gmail.com>wrote:
>
>> Dear all,
>>
>> I'm configuring a server to which I have ssh access through an intranet.
>> I'd like to open access to all nodes in the same IP range as mine to a
>> particular application (phppgadmin). In the .conf file I have the following:
>>
>> order allow,deny
>> deny from all
>> allow from 10.215.xxx.xxx
>>
>> But this way I get the Forbidden error in the browser. I've also tried
>> with:
>>
>> order allow,deny
>> deny from all
>> allow from 10.215
>>
>> And even by specifying my IP:
>>
>> order allow,deny
>> deny from all
>> allow from 10.215.1.119
>>
>> Still, I get the Forbidden error. The only way I found out to access this
>> application is by using "allow from all", which is not acceptable since
>> this server will be going to the DMZ sometime.
>>
>> What am I doing wrong? Any further information I can provide to solve
>> this issue?
>>
>> Thank you.
>>
>>
>
Re: [users@httpd] Access rules in an intranet
Posted by Rajeev Kumar <rk...@gmail.com>.
Hi Luis,
Please try with the below order. Hope this helps
order Allow,Deny
Allow from 10.215
Deny from all
Thanks
On Tue, Jun 12, 2012 at 5:55 AM, Luís de Sousa <lu...@gmail.com>wrote:
> Dear all,
>
> I'm configuring a server to which I have ssh access through an intranet.
> I'd like to open access to all nodes in the same IP range as mine to a
> particular application (phppgadmin). In the .conf file I have the following:
>
> order allow,deny
> deny from all
> allow from 10.215.xxx.xxx
>
> But this way I get the Forbidden error in the browser. I've also tried
> with:
>
> order allow,deny
> deny from all
> allow from 10.215
>
> And even by specifying my IP:
>
> order allow,deny
> deny from all
> allow from 10.215.1.119
>
> Still, I get the Forbidden error. The only way I found out to access this
> application is by using "allow from all", which is not acceptable since
> this server will be going to the DMZ sometime.
>
> What am I doing wrong? Any further information I can provide to solve this
> issue?
>
> Thank you.
>
>