Welcome to MobyThreads.com!
FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in
All support for the MobyThreads Threaded phpBB MOD can now be found on welsolutions at this forum

 
   Web Hosting and Web Master Forums (Home) -> Apache RSS
Next:  Creating SSL Certs  
Author Message
pbwh

External


Since: Aug 10, 2003
Posts: 6



(Msg. 1) Posted: Sat Aug 30, 2003 3:27 am
Post subject:
Archived from groups: alt>apache>configuration (more info?)
Shouldn't the following container deny access to files in the /var/www
directory (and beyond) from all clients except 12.34.56.78 ??

<Directory /var/www>

order deny,allow
deny from all
allow from 12.34.56.78

</Directory>

I put that in my httpd.conf and I can still access the files in
/var/www from a different client IP address. (Yes, after editing
httpd.conf I stopped the server, and then started it.)

Paul

 >> Stay informed about: <Directory&gt; question 
Back to top
Login to vote
betac

External


Since: Aug 30, 2003
Posts: 1



(Msg. 2) Posted: Sat Aug 30, 2003 7:47 am
Post subject: Re: [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
This doesn't work because "/var/www" is the name of the directory in
relation to your system, not to the server. What you need to do is use the
virtual directory, not the absolute one. Replace "/var/www" with "/" and
you should have it fixed (i.e. no one will be able to access anything on
your server from another IP addy).

Mike


"Paul" <pbwh DeleteThis @nospam.net> wrote in message
news:8c087207f002a368cacc06d846aac44e@news.teranews.com...
 > Shouldn't the following container deny access to files in the /var/www
 > directory (and beyond) from all clients except 12.34.56.78 ??
 >
 > <Directory /var/www>
 >
 > order deny,allow
 > deny from all
 > allow from 12.34.56.78
 >
 > </Directory>
 >
 > I put that in my httpd.conf and I can still access the files in
 > /var/www from a different client IP address. (Yes, after editing
 > httpd.conf I stopped the server, and then started it.)
 >
 > Paul<!-- ~MESSAGE_AFTER~ -->

 >> Stay informed about: <Directory&gt; question 
Back to top
Login to vote
pbwh

External


Since: Aug 10, 2003
Posts: 6



(Msg. 3) Posted: Sat Aug 30, 2003 9:17 am
Post subject: Re: [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
On Sat, 30 Aug 2003 04:47:00 GMT, "Mike Fuchida" <betac.DeleteThis@deltaco.us>
wrote:
 >This doesn't work because "/var/www" is the name of the directory in
 >relation to your system, not to the server. What you need to do is use the
 >virtual directory, not the absolute one. Replace "/var/www" with "/" and
 >you should have it fixed (i.e. no one will be able to access anything on
 >your server from another IP addy).


I tried "/" . That didnt work either. BTW, I think "/" refers to the
whole filesystem, not just the DocumentRoot (according to p.68 of
"Apache: The definitive guide", by Laurie).



 >"Paul" <pbwh.DeleteThis@nospam.net> wrote in message
 >news:8c087207f002a368cacc06d846aac44e@news.teranews.com...
  >> Shouldn't the following container deny access to files in the /var/www
  >> directory (and beyond) from all clients except 12.34.56.78 ??
  >>
  >> <Directory /var/www>
  >>
  >> order deny,allow
  >> deny from all
  >> allow from 12.34.56.78
  >>
  >> </Directory>
  >>
  >> I put that in my httpd.conf and I can still access the files in
  >> /var/www from a different client IP address. (Yes, after editing
  >> httpd.conf I stopped the server, and then started it.)
  >>
  >> Paul
 >
 ><!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: <Directory&gt; question 
Back to top
Login to vote
pbwh

External


Since: Aug 10, 2003
Posts: 6



(Msg. 4) Posted: Sat Aug 30, 2003 11:17 am
Post subject: Re: [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
On Sat, 30 Aug 2003 06:17:28 GMT, pbwh RemoveThis @nospam.net (Paul) wrote:

 >On Sat, 30 Aug 2003 04:47:00 GMT, "Mike Fuchida" <betac RemoveThis @deltaco.us>
 >wrote:
  >>This doesn't work because "/var/www" is the name of the directory in
  >>relation to your system, not to the server. What you need to do is use the
  >>virtual directory, not the absolute one. Replace "/var/www" with "/" and
  >>you should have it fixed (i.e. no one will be able to access anything on
  >>your server from another IP addy).
 >
 >
 >I tried "/" . That didnt work either. BTW, I think "/" refers to the
 >whole filesystem, not just the DocumentRoot (according to p.68 of
 >"Apache: The definitive guide", by Laurie).

I found out what the problem was. There is another <Directory>
container that comes after the one i mentioned in the first post. It
says this:

<Directory "/var/www/htdocs">
Order allow,deny
Allow from all
</Directory>

This container overrides the first one, so that files from
/var/www/htdocs will be served to anyone.

So the solution is have one container that says:

<Directory "/var/www/htdocs">
Order deny,allow
deny from all
allow from 12.34.56.78
</Directory>

where 12.34.56.78 is the sole IP that I want to allow, and then delete
or comment out the other <Directory> container.

Paul<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: <Directory&gt; question 
Back to top
Login to vote
Display posts from previous:   
Related Topics:
Newbie - Directory Set-up Question - I would like to run an FTP program (I was thinking about using WarFTP) and Apache on my machine. What is the best way to set up the directories? If I would like to update pages remotely, should my Web directories be inside my FTP directories? I would....

Can run cgi scripts in different directory? - I am trying to get apache to run scripts from a different directory other than the standard one. (/var/www/cgi-bin). I have added the add handler statement and believe I have set up apache correctly. I here that It has something to do with chroot? Any...

Directory index query - Hi When there is no know index.* file in my root directory the contents of that directory are displayed under the heading Index of /Directory. Can anyone tell me how I disable this within the httpd.conf file. I want it to say /Forbidden or something..

Enabling one directory only for 1 IP-Adress - Hello, i want to have a directory in my global configuration, which is only available for 1 IP address; all other IP's should get a HTTP forbidden error and never see any content. Can you tell me, what is the appropriate keyword in the <Directory&...

Configure upload directory - Hello, I would like to know what/where I can configure the httpd.conf to tell apache where the upload directory is. By upload I mean files I transmit via GET or POST method in HTML. I'm using Apache2. Thx SvT
   Web Hosting and Web Master Forums (Home) -> Apache All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]