Posted to users@httpd.apache.org by Joseph A Nagy Jr <pa...@charter.net> on 2002/12/13 18:28:01 UTC

[users@httpd] Using Allow,Deny for Access Control

http://dream-worlds.homelinux.org/manual/howto/auth.html#access states:



Allow and Deny

The Allow and Deny directives let you allow and deny access based on the
host name, or host address, of the machine requesting a document. The
directive that goes hand-in-hand with these is the Order directive, which
tells Apache in which order to apply the filters.

The usage of these directives is:

    allow from address

where address is an IP address (or a partial IP address) or a fully
qualified domain name (or a partial domain name); you may provide
multiple addresses or domain names, if desired.

For example, if you have someone spamming your message board, and you
want to keep them out, you could do the following:

    deny from 11.22.33.44

Visitors coming from that address will not be able to see the content
behind this directive. If, instead, you have a machine name, rather than
an IP address, you can use that.

    deny from hostname.example.com

And, if you'd like to block access from an entire domain, or even from
an entire tld (top level domain, such as .com or .gov) you can specify
just part of an address or domain name:

    deny from 192.101.205
    deny from exampleone.com exampletwo.com
    deny from tld

Using Order will let you be sure that you are actually restricting
things to the group that you want to let in, by combining a deny and an
allow directive:

    Order Deny,Allow
    Deny from all
    Allow from hostname.example.com

Listing just the allow directive would not do what you want, because it
will let users from that host in, in addition to letting everyone in.
What you want is to let in only users from that host.

My virtual host container:

<VirtualHost *>
    ServerName dream-worlds.homelinux.org
    ServerAdmin jan-jr-ent@charter.net
    DocumentRoot /home/apache/dream-worlds/
<Directory "/home/apahe/dream-worlds/">
        Order Allow,Deny
        Allow from all
        Deny from some.ip
    </Directory>
    Alias /chat-images/ /home/apache/images/
    Options All MultiViews
     ErrorLog logs/error.log
    CustomLog logs/access.log common
    ScriptAlias /cgi-bin/ /home/apache/dream-worlds/cgi-bin/
        Options Indexes FollowSymlinks MultiViews
 Alias /wav/ /home/apache/wavs/
 Alias /html40/ /home/apache/html40/
 Alias /css2/ /home/apache/css2/
<Directory "/home/apache/dream-worlds/cgi-bin/">
        Order deny,allow
        Deny from some.ip
        Allow from all
    </Directory>
 Alias /mp3/ /home/apache/mp3/american-music/joseph-a-nagy-jr/
 Alias /game-music/ /home/apache/modz/
</VirtualHost>

The problem: The user attached to some.ip can still access my website!
What am I doing wrong?

-- 
Joseph A Nagy Jr <pa...@charter.net>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Using Allow,Deny for Access Control

Posted by Jacob Coby <jc...@listingbook.com>.
> <Directory "/home/apahe/dream-worlds/">
>         Order Allow,Deny
>         Allow from all
>         Deny from some.ip
>     </Directory>

Check your spelling, remove trailing slash.

> <Directory "/home/apache/dream-worlds/cgi-bin/">
>         Order deny,allow
>         Deny from some.ip
>         Allow from all
>     </Directory>

This allows from all, you probably want it to match the first one.  Remove
trailing slash.

-Jacob
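
The two points raised in the reply above, as an added example (not code from either poster or from the Apache project): a simplified Python model of how Order, Allow and Deny combine in Apache 2.0's mod_access, run against the posted sections and against a corrected version. The function names, the address 192.0.2.10 standing in for "some.ip", plain prefix matching of Directory paths with trailing slashes normalized away, and "most specific section wins" are all assumptions of this sketch.

```python
import posixpath

BLOCKED = "192.0.2.10"  # constructed stand-in for the post's "some.ip"

def spec_matches(spec, ip, host=None):
    """True if one Allow/Deny operand matches the client."""
    spec = spec.lower()
    if spec == "all":
        return True
    if spec.replace(".", "").isdigit():  # full or partial IP address
        want = spec.rstrip(".").split(".")
        return ip.split(".")[:len(want)] == want
    host = (host or "").lower()  # hostname rules need a resolved client name
    return host == spec or host.endswith("." + spec.lstrip("."))

def access_allowed(order, allows, denies, ip, host=None):
    """Both lists are always checked; Order decides which match wins."""
    allow_hit = any(spec_matches(s, ip, host) for s in allows)
    deny_hit = any(spec_matches(s, ip, host) for s in denies)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":  # default deny, a Deny match overrides Allow
        return allow_hit and not deny_hit
    if order == "deny,allow":  # default allow, an Allow match overrides Deny
        return allow_hit or not deny_hit
    raise ValueError("unsupported Order: " + order)

def decide(sections, file_path, ip, host=None):
    """Apply the most specific <Directory> section containing file_path."""
    hits = [s for s in sections
            if (file_path + "/").startswith(posixpath.normpath(s[0]) + "/")]
    if not hits:  # no section matched, so nothing restricts the request
        return True
    _, order, allows, denies = max(hits, key=lambda s: len(posixpath.normpath(s[0])))
    return access_allowed(order, allows, denies, ip, host)

AS_POSTED = [  # (directory, Order, Allow operands, Deny operands)
    ("/home/apahe/dream-worlds/", "Allow,Deny", ["all"], [BLOCKED]),
    ("/home/apache/dream-worlds/cgi-bin/", "deny,allow", ["all"], [BLOCKED]),
]
CORRECTED = [
    ("/home/apache/dream-worlds", "Allow,Deny", ["all"], [BLOCKED]),
    ("/home/apache/dream-worlds/cgi-bin", "Allow,Deny", ["all"], [BLOCKED]),
]

if __name__ == "__main__":
    for name, cfg in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        for f in ("index.html", "cgi-bin/chat.cgi"):
            print(name, f, decide(cfg, "/home/apache/dream-worlds/" + f, BLOCKED))
```

In the posted configuration the misspelled path means no section covers the document root, and in cgi-bin the "Allow from all" is applied after the Deny and overrides it, so both requests are admitted.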

