[users] https and DHE-RSA-AES256-SHA

[MM <fi...@gmail.com>]

Hi,

I run a personal https at home with no official certificate. The hostname I
use is a dynamic dns hostname.
Apache/2.4.9 OpenSSL/1.0.1e-fips PHP/5.5.12 SVN/1.8.8 mod_perl/2.0.9-dev
Perl/v5.18.2


On ssl_request I see a couple of entries like this:

TLSv1 DHE-RSA-AES256-SHA "GET /vtigercrm/ HTTP/1.1" 287
TLSv1 DHE-RSA-AES256-SHA "GET /vtigercrm/vtigerservice.php HTTP/1.1" 304
TLSv1 DHE-RSA-AES256-SHA "GET
/vtigercrm/graph.php?current_language=../../../../../../../..//etc/elastix.conf%00&module=Accounts&action
HTTP/1.1" 296
TLSv1 DHE-RSA-AES256-SHA "GET /vtigercrm/ HTTP/1.1" 287

from undesired clients.

Is there a way to limit the IPs of clients that http/https queries can come
from?

Re: [users] https and DHE-RSA-AES256-SHA

[Mauricio Tavares <ra...@gmail.com>]

On Wed, Jun 4, 2014 at 2:55 PM, MM <fi...@gmail.com> wrote:
> Hi,
>
> I run a personal https at home with no official certificate. The hostname I
> use is a dynamic dns hostname.
> Apache/2.4.9 OpenSSL/1.0.1e-fips PHP/5.5.12 SVN/1.8.8 mod_perl/2.0.9-dev
> Perl/v5.18.2
>
>
> On ssl_request I see a couple of entries like this:
>
> TLSv1 DHE-RSA-AES256-SHA "GET /vtigercrm/ HTTP/1.1" 287
> TLSv1 DHE-RSA-AES256-SHA "GET /vtigercrm/vtigerservice.php HTTP/1.1" 304
> TLSv1 DHE-RSA-AES256-SHA "GET
> /vtigercrm/graph.php?current_language=../../../../../../../..//etc/elastix.conf%00&module=Accounts&action
> HTTP/1.1" 296
> TLSv1 DHE-RSA-AES256-SHA "GET /vtigercrm/ HTTP/1.1" 287
>
> from undesired clients.
>
> Is there a way to limit the IPs of clients that http/https queries can come
> from?

Would this help?

http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow

There is also fail2ban. And you could setup your firewall to restrict
which IPs can reach server on the proper port

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org