You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Pouchain Flore <ht...@yahoo.fr> on 2003/10/28 15:28:01 UTC
[users@httpd] Prevent remote access
Hi everybody,
I put my apache server behind a reverse-proxy and I
manage the anthentication through the reverse-proxy.
So I want to prevent direct connection to Apache.
I used a Location directive:
<Location />
Order deny,allow
Allow from @local_ip
Deny from all
</Location>
The problem is that I use Virtual Host. So if somebody
use a Location directive in the VH configuration:
<Location />
Allow from all
</Location>
the VH can now be reached directly !
Does anybody know if there a server directive to
prevent this for the whole server.
Note:
I can't install any firewall on this server...
Thanks for help
___________________________________________________________
Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français !
Yahoo! Mail : http://fr.mail.yahoo.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Prevent remote access
Posted by Joshua Slive <jo...@slive.ca>.
On Tue, 28 Oct 2003, Pouchain Flore wrote:
> <Location />
> Order deny,allow
> Allow from @local_ip
> Deny from all
> </Location>
>
> The problem is that I use Virtual Host. So if somebody
> use a Location directive in the VH configuration:
>
> <Location />
> Allow from all
> </Location>
>
> the VH can now be reached directly !
>
> Does anybody know if there a server directive to
> prevent this for the whole server.
You absolutely cannot give write access to httpd.conf to anyone who isn't
trusted not to mess up the server. That includes "Include"ed files.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org