You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by ScuzzyEye <ap...@lists.scuzzyeye.com> on 2015/07/30 00:04:12 UTC

[users@httpd] Deny, Allow with Apache 2.4

I'm having a difficult time figuring out how to convert an Apache 2.2 
access rule to 2.4.

What I'm doing in 2.2 is pretty simple:

order deny,allow
deny from 192.168.1.0/24
deny from 192.168.2.0/24
allow from 192.168.1.12

So denying some sub-nets, but allowing one IP in that range, and the 
rest of the world.

All the rule conversion examples I see for 2.4 are assuming the 
deny,allow order is being used to deny from all, and then allowing a 
small number of hosts or IPs. Even with general examples, the case of 
denying a few masked IP ranges, and then allowing a part of that range 
doesn't seem to be covered, and I nothing I've tried works. The single 
granted IP never seems to picked up, but is instead swallowed by the 
larger denied range.

Thanks for any help you can offer,
Chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Deny, Allow with Apache 2.4

Posted by ScuzzyEye <ap...@lists.scuzzyeye.com>.

On 7/30/2015 2:42 AM, Tobias Adolph wrote:
> Hi Chris,
>
> Am 30.07.2015 um 00:04 schrieb ScuzzyEye:
>> I'm having a difficult time figuring out how to convert an Apache 2.2
>> access rule to 2.4.
>>
>> What I'm doing in 2.2 is pretty simple:
>>
>> order deny,allow
>> deny from 192.168.1.0/24
>> deny from 192.168.2.0/24
>> allow from 192.168.1.12
>>
>> So denying some sub-nets, but allowing one IP in that range, and the
>> rest of the world.
>>
>
> Try this one:
>
> <RequireAny>
>          Require ip 192.168.1.12
>          <RequireAll>
>                  Require all granted
>                  Require not ip 192.168.1.0/24
>                  Require not ip 192.168.2.0/24
>          </RequireAll>
> </RequireAny>

As soon as I saw it, I knew that's what I was searching for. Tried it 
out, and it works perfectly.

Thanks so much!
-Chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Deny, Allow with Apache 2.4

Posted by Tobias Adolph <To...@lrz.de>.

Hi Chris,

Am 30.07.2015 um 00:04 schrieb ScuzzyEye:
> I'm having a difficult time figuring out how to convert an Apache 2.2 
> access rule to 2.4.
>
> What I'm doing in 2.2 is pretty simple:
>
> order deny,allow
> deny from 192.168.1.0/24
> deny from 192.168.2.0/24
> allow from 192.168.1.12
>
> So denying some sub-nets, but allowing one IP in that range, and the 
> rest of the world.
>

Try this one:

<RequireAny>
         Require ip 192.168.1.12
         <RequireAll>
                 Require all granted
                 Require not ip 192.168.1.0/24
                 Require not ip 192.168.2.0/24
         </RequireAll>
</RequireAny>

Kind regards,
Tobias Adolph



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org