You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Jason Rigby <si...@gmail.com> on 2005/01/16 10:06:50 UTC

Permissions

As far as I can see, in apache, the configuration described below is
impossible (or possible however requires a whole lot of lines of
configuration):

Allow from all computers on the Internet,
Deny from the 10.x.x.x subnet,
Allow from a particular IP address within the 10.x.x.x subnet (ie 10.0.0.14)

I can see this being done if you were to specify a very large amount
of deny directives after an "Allow from all" with Order allow,deny
however I do not see an easier way of doing this. If there is one I
would love to hear how (and if it is obvious, please spare me the
embarrassment and tell me nicely :P ), but if, as I suspect there is
no easier way, I would like to make the suggestion to incorporate a
method to accommodate this. I am no good at programming in C so I do
not have a clue of where to begin in this from a technical
perspective.

Thank you all, and sorry if I'm being ignorant in any way,
Jason

-- 
     ("`-''-/").___..--''"`-._
     `6_ 6  )   `-.  (     ).`-.__.`)
     (_Y_.)'  ._   )  `._ `. ``-..-'
   _..`--'_..-_/  /--'_.' ,'
  (il),-''  (li),'  ((!.-' 
Jason!

Go to this site and make moneys for nothing:
http://www.emailcash.com.au/join.asp?refer=F72476

Re: Permissions

Posted by Leif W <wa...@usa.net>.

> Jason Rigby; 2005 January 16 Sunday 04:06
>
> Allow from all computers on the Internet,
> Deny from the 10.x.x.x subnet,
> Allow from a particular IP address within the 10.x.x.x subnet (ie 
> 10.0.0.14)

Hi,

This might have been better to start on the Users list...

However I just tried this.

Order deny,allow
Deny from 127.
Allow from 0.0.0.0
Allow from 127.0.0.1

Which worked fine.  If you "Allow from all" instead of "Allow from 
0.0.0.0" then it doesn't work, which is weird, because I thought "all" 
was interpreted as "0.0.0.0".  You can just substitue your 10. for my 
127. and 10.0.0.14 for 127.0.0.1 and try yourself.

Anyone else care to verify or explain the difference between 'all" and 
"0.0.0.0"?  I used Apache 2.0.52 + SSL for Win32 as built by 
hunter.campbus.com .

Leif

Re: Permissions

Posted by Cliff Woolley <jw...@virginia.edu>.

On Sun, 16 Jan 2005, Jason Rigby wrote:

> Allow from all computers on the Internet,
> Deny from the 10.x.x.x subnet,
> Allow from a particular IP address within the 10.x.x.x subnet (ie 10.0.0.14)

Sure, it's possible.  Normally this is the kind of question that would be
answered on the users's mailing list, but it would take me just as much
time to tell you to go ask your question over there as it would to simply
answer it.  So here goes.  :)

Order deny,allow
Deny from 10.0.0.0/255.0.0.0
Allow from 10.0.0.14

And you're done.  :)  As you can see from the Order documentation
(http://httpd.apache.org/docs-2.0/mod/mod_access.html#order), order
deny,allow has a default of "allow".  Any client which does not match a
Deny directive or does match an Allow directive will be allowed access to
the server.  So you don't have to specify "Allow from all" explicitly, and
that's the key to your puzzle.

Hope this helps,
--Cliff