You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Tony at Bluehaze <to...@bluehaze.com.au> on 2004/08/06 14:32:19 UTC

[users@httpd] "Deny from ..." won't work in apache 2.0.50

    Hi,
We recently tried moving up from Apache 1.3.27 to 2.0.50 and all our
IP-based 'deny' stuff immediately broke.  I imported the main guts of the
1.3.27 config, which contained lots of Virt Hosts and "Allow from/Deny from"
lines, but all such commands were ignored.

I've reverted to 1.3.27 and put 2.0.50 onto port 3003 so I can evaluate
it further.  And I've just gone back to the original httpd.conf that came
with 2.0.50 and carefully made a mininum of changes to try and see what's
going on.

It's currently running at www.minerals.csiro.au:3003 with one Vhost as:

<VirtualHost 150.229.66.21:3003>
    ServerAdmin webmaster@www.minerals.csiro.au
    ServerName www.minerals.csiro.au
    ServerAlias www
    ProxyPass   /   http://webext.minerals.csiro.au/
    ProxyPassReverse    /   http://webext.minerals.csiro.au/
    ErrorLog logs/www.minerals.csiro.au-error_log
    CustomLog logs/www.minerals.csiro.au-access_log combined

    <Directory proxy:http://webext.minerals.csiro.au/>
        Order allow,deny
        Deny from all
        Options All
        IndexOptions FancyIndexing
    </Directory>
</VirtualHost>

This is a proxy to one of our external pages, so access is normally wide
open anyway.  But I would have thought that the above would close it off.
It certainly does with apache 1.3.27 (currently running port 80 and 443
of the same system with dozens of Virt Hosts).

The full config file's at www.minerals.csiro.au/httpd.conf.2.0.50 and the
output of httpd -l at www.minerals.csiro.au:3003/httpd.modules.2.0.50 if
anyone's got time to have a look.

      Tony


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] "Deny from ..." won't work in apache 2.0.50

Posted by Joshua Slive <js...@gmail.com>.

On Fri, 6 Aug 2004 22:32:19 +1000 (EST), Tony at Bluehaze
<to...@bluehaze.com.au> wrote:
>     Hi,
> We recently tried moving up from Apache 1.3.27 to 2.0.50 and all our
> IP-based 'deny' stuff immediately broke.  I imported the main guts of the
> 1.3.27 config, which contained lots of Virt Hosts and "Allow from/Deny from"
> lines, but all such commands were ignored.

>     <Directory proxy:http://webext.minerals.csiro.au/>
>         Order allow,deny
>         Deny from all
>         Options All
>         IndexOptions FancyIndexing
>     </Directory>
> </VirtualHost>

Check the second item under here:
http://httpd.apache.org/docs-2.0/upgrading.html#run-time

<Directory proxy:> needs to be placed with <proxy>.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org