You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Robin Lynn Frank <rl...@paradigm-omega.com> on 2005/03/09 18:42:31 UTC

[users@httpd] denying access to site based on IP/CIDR

Since the person who normally handles our server is on a plane, I'll
have to ask the question.  If it appears to be a dumb one, my apologies.

What we need to do is deny access to the entire site based on IP and/or
CIDR.  How and where would this best be done?  URLs with examples would
be most welcome.  TIA
-- 
 Robin Lynn Frank - Director of Operations - Paradigm-Omega, LLC
Website:   http://www.paradigm-omega.com/
RSS:       http://paradigm-omega.blogspot.com/atom.xml
Spamtraps: http://www.paradigm-omega.net/cgi-bin/custmail.cgi
=====================================================================
By the time I get it to work,
the next version is released.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] denying access to site based on IP/CIDR

Posted by Robin Lynn Frank <rl...@paradigm-omega.com>.

On Wed, 2005-03-09 at 10:56, Dirk-Willem van Gulik wrote:
> On Wed, 9 Mar 2005, Joshua Slive wrote:
> 
> > On Wed, 09 Mar 2005 09:42:31 -0800, Robin Lynn Frank
> 
> > > What we need to do is deny access to the entire site based on IP and/or
> > > CIDR.  How and where would this best be done?  URLs with examples would
> > > be most welcome.  TIA
> >
> > <Location />
> > Order allow,deny
> > Allow from all
> > Deny from 123.456.789
> > </Location>
> 
> You propably want to make that
> 
> 	Deny from 123.456.789.0/24
> 
> as to avoid confusion; esp. when you have multiple platforms in your
> organization and/or you move CIDRs between (non) apache applictions. The
> reason for this is that 10.1 as an addess actually stands for 10.0.0.1 and
> not the 10.1.0.0 one expect (see inet(4)) when it is a network notation.
> 
> Always saying 10.1.0.0/32 or 10.1.0.0/16 makes this perfectly clear and
> portable between BSD, SVR4 and (non) apache app's.
> 
> Dw
> 
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org

Thanks to all who helped.  What you showed me works just fine.
-- 
 Robin Lynn Frank - Director of Operations - Paradigm-Omega, LLC
Website:   http://www.paradigm-omega.com/
RSS:       http://paradigm-omega.blogspot.com/atom.xml
Spamtraps: http://www.paradigm-omega.net/cgi-bin/custmail.cgi
=====================================================================
I will not!  You killed them, you sort them!


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] denying access to site based on IP/CIDR

Posted by Dirk-Willem van Gulik <di...@webweaving.org>.

On Wed, 9 Mar 2005, Joshua Slive wrote:

> On Wed, 09 Mar 2005 09:42:31 -0800, Robin Lynn Frank

> > What we need to do is deny access to the entire site based on IP and/or
> > CIDR.  How and where would this best be done?  URLs with examples would
> > be most welcome.  TIA
>
> <Location />
> Order allow,deny
> Allow from all
> Deny from 123.456.789
> </Location>

You propably want to make that

	Deny from 123.456.789.0/24

as to avoid confusion; esp. when you have multiple platforms in your
organization and/or you move CIDRs between (non) apache applictions. The
reason for this is that 10.1 as an addess actually stands for 10.0.0.1 and
not the 10.1.0.0 one expect (see inet(4)) when it is a network notation.

Always saying 10.1.0.0/32 or 10.1.0.0/16 makes this perfectly clear and
portable between BSD, SVR4 and (non) apache app's.

Dw

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] denying access to site based on IP/CIDR

Posted by Joshua Slive <js...@gmail.com>.

On Wed, 09 Mar 2005 09:42:31 -0800, Robin Lynn Frank
<rl...@paradigm-omega.com> wrote:
> Since the person who normally handles our server is on a plane, I'll
> have to ask the question.  If it appears to be a dumb one, my apologies.
> 
> What we need to do is deny access to the entire site based on IP and/or
> CIDR.  How and where would this best be done?  URLs with examples would
> be most welcome.  TIA

<Location />
Order allow,deny
Allow from all
Deny from 123.456.789
</Location>

See:
http://httpd.apache.org/docs-2.0/mod/mod_access.html

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org