You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Denise Mangano <De...@complusdata.com> on 2003/04/16 03:33:22 UTC
RE: [users@httpd] Restricting access by IP address between Linux
and WinXP
It turns out that the problem is not my server seeing my workstation's IP
address. When I connect to www.mywebsite.com and run a netstat from my
server I see my workstation connected and the IP address shows correctly.
Now the Directory directive for the test.mywebsite.com specifies to allow
from 192.168.XX.XX which is my IP address. However I get forbidden access
to the / directory. Everyone has read permission from the / directory down
to the test.mywebsite directory.
I'd really appreciate any feedback on this one - I'm really stressing over
this, and need to get this working asap. I've been searching throught the
archives and it looks like I am doing everything right but its not working.
I made a typo before... the directives in my httpd.conf file are as follows:
<Directory />
Order deny,allow
Deny from all
</Directory>
<VirtualHost www.mywebsite.com>
...
<Directory /path/to/public site>
Order deny,allow
Allow from all
</Directory>
...
</VirtualHost>
<VirtualHost test.mywebsite.com>
...
<Directory /path/to/private/site>
Order deny, allow
Allow from 127.0.0.1
Allow from 192.168.XX.XX
</Directory>
...
</VirtualHost>
Thanks for your help!
Denise
-----Original Message-----
From: Denise Mangano
To: 'users@httpd.apache.org'
Sent: 4/15/2003 3:04 PM
Subject: [users@httpd] Restricting access by IP address between Linux and
WinXP
I have a directory set up that I am trying to restrict public access to.
I
am working from my WinXP workstation and I use a SSH client to connect
to my
Linux server. My access to the public site works fine.
However, when I attempt to access the private site from the IP address
specified in the directive, I get a forbidden message. The good news is
that
public access is also forbidden, but I need to get access from my
workstation at the least, and possibly other workstations within my
office.
I am on the same network as the Linux server, and can't understand why
this
is not working.
Any ideas?
In my httpd.conf I have the <Directory> directives set up (left out
irrelevant code):
<Directory />
Order deny,allow
Deny from all
</Directory>
<VirtualHost public site>
...
<Directory /path/to/public site>
Order deny,allow
Deny from all
</Directory>
...
</VirtualHost>
<VirtualHost private site>
...
<Directory /path/to/private/site>
Order allow,deny
Allow from 127.0.0.1
Allow from 192.168.XX.XX
</Directory>
...
</VirtualHost>
Thanks for your help.
Denise
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Restricting access by IP address between Linux and WinXP
Posted by "B.J. Ash" <ad...@nasa.nmu.edu>.
When defining network segments on Apache, such as your example of
"Allow from 192.168.XX.XX", shouldn't you have entered " Allow from
192.168.*.* " instead? It seems to me that the wildcard would be more
appropriate and acceptable than the XXs. I'm surprised Apache didn't
give you an error on startup stating that it can't reach "192.168.XX.XX"
I could be wrong though....
--
B.J. Ash
admin@nasa.nmu.edu
Information Technology Systems Specialist III
On Tuesday, Apr 15, 2003, at 21:33 America/Detroit, Denise Mangano
wrote:
> It turns out that the problem is not my server seeing my workstation's
> IP
> address. When I connect to www.mywebsite.com and run a netstat from my
> server I see my workstation connected and the IP address shows
> correctly.
>
> Now the Directory directive for the test.mywebsite.com specifies to
> allow
> from 192.168.XX.XX which is my IP address. However I get forbidden
> access
> to the / directory. Everyone has read permission from the / directory
> down
> to the test.mywebsite directory.
>
> I'd really appreciate any feedback on this one - I'm really stressing
> over
> this, and need to get this working asap. I've been searching throught
> the
> archives and it looks like I am doing everything right but its not
> working.
>
> I made a typo before... the directives in my httpd.conf file are as
> follows:
> <Directory />
> Order deny,allow
> Deny from all
> </Directory>
>
> <VirtualHost www.mywebsite.com>
> ...
> <Directory /path/to/public site>
> Order deny,allow
> Allow from all
> </Directory>
> ...
> </VirtualHost>
>
> <VirtualHost test.mywebsite.com>
> ...
> <Directory /path/to/private/site>
> Order deny, allow
> Allow from 127.0.0.1
> Allow from 192.168.XX.XX
> </Directory>
> ...
> </VirtualHost>
>
> Thanks for your help!
> Denise
>
> -----Original Message-----
> From: Denise Mangano
> To: 'users@httpd.apache.org'
> Sent: 4/15/2003 3:04 PM
> Subject: [users@httpd] Restricting access by IP address between Linux
> and
> WinXP
>
> I have a directory set up that I am trying to restrict public access
> to.
> I
> am working from my WinXP workstation and I use a SSH client to connect
> to my
> Linux server. My access to the public site works fine.
>
> However, when I attempt to access the private site from the IP address
> specified in the directive, I get a forbidden message. The good news is
> that
> public access is also forbidden, but I need to get access from my
> workstation at the least, and possibly other workstations within my
> office.
> I am on the same network as the Linux server, and can't understand why
> this
> is not working.
>
> Any ideas?
>
> In my httpd.conf I have the <Directory> directives set up (left out
> irrelevant code):
>
> <Directory />
> Order deny,allow
> Deny from all
> </Directory>
>
> <VirtualHost public site>
> ...
> <Directory /path/to/public site>
> Order deny,allow
> Deny from all
> </Directory>
> ...
> </VirtualHost>
>
> <VirtualHost private site>
> ...
> <Directory /path/to/private/site>
> Order allow,deny
> Allow from 127.0.0.1
> Allow from 192.168.XX.XX
> </Directory>
> ...
> </VirtualHost>
>
> Thanks for your help.
> Denise
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
--
B.J. Ash
admin@nasa.nmu.edu
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org