You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by ScuzzyEye <ap...@lists.scuzzyeye.com> on 2015/07/30 00:04:12 UTC
[users@httpd] Deny, Allow with Apache 2.4
I'm having a difficult time figuring out how to convert an Apache 2.2
access rule to 2.4.
What I'm doing in 2.2 is pretty simple:
order deny,allow
deny from 192.168.1.0/24
deny from 192.168.2.0/24
allow from 192.168.1.12
So denying some sub-nets, but allowing one IP in that range, and the
rest of the world.
All the rule conversion examples I see for 2.4 are assuming the
deny,allow order is being used to deny from all, and then allowing a
small number of hosts or IPs. Even with general examples, the case of
denying a few masked IP ranges, and then allowing a part of that range
doesn't seem to be covered, and I nothing I've tried works. The single
granted IP never seems to picked up, but is instead swallowed by the
larger denied range.
Thanks for any help you can offer,
Chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Deny, Allow with Apache 2.4
Posted by ScuzzyEye <ap...@lists.scuzzyeye.com>.
On 7/30/2015 2:42 AM, Tobias Adolph wrote:
> Hi Chris,
>
> Am 30.07.2015 um 00:04 schrieb ScuzzyEye:
>> I'm having a difficult time figuring out how to convert an Apache 2.2
>> access rule to 2.4.
>>
>> What I'm doing in 2.2 is pretty simple:
>>
>> order deny,allow
>> deny from 192.168.1.0/24
>> deny from 192.168.2.0/24
>> allow from 192.168.1.12
>>
>> So denying some sub-nets, but allowing one IP in that range, and the
>> rest of the world.
>>
>
> Try this one:
>
> <RequireAny>
> Require ip 192.168.1.12
> <RequireAll>
> Require all granted
> Require not ip 192.168.1.0/24
> Require not ip 192.168.2.0/24
> </RequireAll>
> </RequireAny>
As soon as I saw it, I knew that's what I was searching for. Tried it
out, and it works perfectly.
Thanks so much!
-Chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Deny, Allow with Apache 2.4
Posted by Tobias Adolph <To...@lrz.de>.
Hi Chris,
Am 30.07.2015 um 00:04 schrieb ScuzzyEye:
> I'm having a difficult time figuring out how to convert an Apache 2.2
> access rule to 2.4.
>
> What I'm doing in 2.2 is pretty simple:
>
> order deny,allow
> deny from 192.168.1.0/24
> deny from 192.168.2.0/24
> allow from 192.168.1.12
>
> So denying some sub-nets, but allowing one IP in that range, and the
> rest of the world.
>
Try this one:
<RequireAny>
Require ip 192.168.1.12
<RequireAll>
Require all granted
Require not ip 192.168.1.0/24
Require not ip 192.168.2.0/24
</RequireAll>
</RequireAny>
Kind regards,
Tobias Adolph
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org