You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Chris Pat <cp...@yahoo.com> on 2005/10/11 02:32:39 UTC

[users@httpd] localhost htdocs access vs external restriction

Hello
Is it possible to restrict contents of the htdocs
directory depending on where the uses is from?  I want
to give localhost access and either block WAN side
access either totaly or directory by directory.  I
believe it can be done by directory restriction if you
are using a domain name.  I am not sure on access to
htdocs.  

Also this is my first time setting up Apache2.05x.  Is
there a faq or some "must enable" to protect the
htdocs, from ddos, script attacks, remote access.  Any
recommended faq on securing apache other than the
plethora adduced from a web search.  tia.


	
		
__________________________________ 
Yahoo! Mail - PC Magazine Editors' Choice 2005 
http://mail.yahoo.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] localhost htdocs access vs external restriction

Posted by Joshua Slive <js...@gmail.com>.

On 10/10/05, Chris Pat <cp...@yahoo.com> wrote:
> Hello
> Is it possible to restrict contents of the htdocs
> directory depending on where the uses is from?  I want
> to give localhost access and either block WAN side
> access either totaly or directory by directory.  I
> believe it can be done by directory restriction if you
> are using a domain name.  I am not sure on access to
> htdocs.

This is the basic purpose of mod_access.  Look up the docs for this
module.  Then do something like
<Directory /path/to/document/root>
Order Deny,Allow
Deny from all
Allow from localhost
</Directory>

>
> Also this is my first time setting up Apache2.05x.  Is
> there a faq or some "must enable" to protect the
> htdocs, from ddos, script attacks, remote access.  Any
> recommended faq on securing apache other than the
> plethora adduced from a web search.  tia.

Unfortunately, there is no way to give a simple answer to this type of
question.  Googling for "apache security" will obviously get you
several decent tutorials.  But none will be comprehensive and cover
everything you need to know.  Part of the problem is that it is an
extremely broad topic, and part of the problem is that it depends on
exactly what type of stuff you are serving in what environment.

If you feel you need a lot of help, there are also some decent books:
http://opensource2.atlassian.com/confluence/oss/display/BOOKS/Books+about+Httpd

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org