Posted to users@httpd.apache.org by Pouchain Flore <ht...@yahoo.fr> on 2003/10/28 15:28:01 UTC

[users@httpd] Prevent remote access

Hi everybody,

I put my Apache server behind a reverse-proxy and I
manage the authentication through the reverse-proxy.
So I want to prevent direct connection to Apache.
I used a Location directive:
<Location />
    Order deny,allow
    Allow from @local_ip
    Deny from all
</Location>

The problem is that I use Virtual Host. So if somebody
uses a Location directive in the VH configuration:

<Location />
     Allow from all
</Location>

the VH can now be reached directly!

Does anybody know if there is a server directive to
prevent this for the whole server?

Note:
I can't install any firewall on this server...


Thanks for help

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Prevent remote access

Posted by Joshua Slive <jo...@slive.ca>.
On Tue, 28 Oct 2003, Pouchain Flore wrote:
> <Location />
>     Order deny,allow
>     Allow from @local_ip
>     Deny from all
> </Location>
>
> The problem is that I use Virtual Host. So if somebody
> uses a Location directive in the VH configuration:
>
> <Location />
>      Allow from all
> </Location>
>
> the VH can now be reached directly!
>
> Does anybody know if there is a server directive to
> prevent this for the whole server?

You absolutely cannot give write access to httpd.conf to anyone who isn't
trusted not to mess up the server.  That includes "Include"ed files.

Joshua.
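
Added example (not part of the original thread, and not Apache's own tooling): a small audit script that reports any "Allow from" inside a <VirtualHost> block that names something other than the trusted proxy address, which is the override described in the question. The sample configuration is constructed, 192.0.2.10 stands in for @local_ip, and the function name find_access_overrides is hypothetical.

```python
import re

# Constructed sample: the server-wide restriction from the post, followed by
# a virtual host that re-opens access. 192.0.2.10 stands in for @local_ip.
SAMPLE_CONF = """\
<Location />
    Order deny,allow
    Allow from 192.0.2.10
    Deny from all
</Location>

<VirtualHost *:80>
    ServerName intranet.example.test
    <Location />
        Allow from all
    </Location>
</VirtualHost>
"""

OPEN = re.compile(r"<\s*(\w+)([^>]*)>")      # e.g. <VirtualHost *:80>
CLOSE = re.compile(r"<\s*/\s*(\w+)\s*>")     # e.g. </VirtualHost>
ALLOW = re.compile(r"allow\s+from\s+(.+)", re.I)


def find_access_overrides(conf_text, trusted):
    """Return (line_no, vhost, hosts) for each 'Allow from' inside a
    <VirtualHost> that names anything outside the trusted set."""
    findings, stack = [], []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE.fullmatch(line):
            if stack:
                stack.pop()
            continue
        m = OPEN.fullmatch(line)
        if m:
            stack.append((m.group(1).lower(), m.group(2).strip()))
            continue
        m = ALLOW.fullmatch(line)
        # Address of the enclosing <VirtualHost>, or None at server level.
        vhost = next((a for n, a in stack if n == "virtualhost"), None)
        if m and vhost is not None:
            extra = [h for h in m.group(1).split() if h not in trusted]
            if extra:
                findings.append((no, vhost, extra))
    return findings


if __name__ == "__main__":
    print(find_access_overrides(SAMPLE_CONF, {"192.0.2.10"}))
```

The script does not follow Include directives, so run it over httpd.conf and over each included file separately.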
