Allow_Referer

[Graham White <gr...@bravenet.com>]

	I have an associate who has recently changed ip's, I have him setup so that
he can access a directory on my apache server using the allow_referer
directive. With his previous ip's he had no problem connecting but now that
they have changed he can't connect. The error log shows client denied by
server configuration. His domain name hasn't changed, the only thing that
has changed is his ip's which I have added to be allowed. I've also tried
addding the router ip that he is behind. Our firewall hasn't changed. DNS
doesn't appear to be an issue as I can resolve his new ip's to his domain
name with no problem.
	The apache config hasn't changed in any other way so I am a bit mystified.
Any suggestions? I imagine there is a way to log with more details so any
links would be appreciated. Thanks.

G White


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Allow_Referer

[Owen Boyle <ob...@bourse.ch>]

Graham White wrote:
> 
>         I have an associate who has recently changed ip's, I have him setup so that
> he can access a directory on my apache server using the allow_referer
> directive. With his previous ip's he had no problem connecting but now that
> they have changed he can't connect. The error log shows client denied by
> server configuration. His domain name hasn't changed, the only thing that
> has changed is his ip's which I have added to be allowed. I've also tried
> addding the router ip that he is behind. Our firewall hasn't changed. DNS
> doesn't appear to be an issue as I can resolve his new ip's to his domain
> name with no problem.

If I understand you correctly, you mean you have a directory container
like this:

<Directory /home/web/customer/logs>
    Order deny,allow
    Deny from all
    Allow from customer.com
</Directory>

So you only allow access to a certain directory from a few specific
domains. We have a similar setup to allow customers to download their
access-logs.

Interestingly, we had a customer who changed IP address (but kept
domain-name) and thereafter couldn't access his logs. DNS resolved his
(unchanged) domain-name to the new IP but it was like apache didn't pick
up the changes. Sounds like the same problem...

Time being of the essence, I just replaced his domain-name with his
hard-coded IP address but I would like to know really what happened. I'm
not at all familiar with how apache does domain-name lookups - I should
read the code I guess...

Rgds,

Owen Boyle.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: Allow_Referer

[Joshua Slive <jo...@slive.ca>]

> From: Graham White [mailto:graham@bravenet.com]
>
> 	I have an associate who has recently changed ip's, I have
> him setup so that
> he can access a directory on my apache server using the allow_referer
> directive. With his previous ip's he had no problem connecting
> but now that
> they have changed he can't connect. The error log shows client denied by
> server configuration. His domain name hasn't changed, the only thing that
> has changed is his ip's which I have added to be allowed. I've also tried
> addding the router ip that he is behind. Our firewall hasn't changed. DNS
> doesn't appear to be an issue as I can resolve his new ip's to his domain
> name with no problem.
> 	The apache config hasn't changed in any other way so I am a
> bit mystified.
> Any suggestions? I imagine there is a way to log with more details so any
> links would be appreciated. Thanks.

To start, there is no "allow_referer" directive in the base apache, so it
would be helpful to clarify what you doing here.  You can do this using
SetEnvIf and "Allow from env=".  Is that what you are doing?

Please post the exact relevant excerpt of httpd.conf along with the exact
lines from the access_log.

Joshua.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org