Apache Problem

Post by munnabhai » Thu Jan 01, 2004 5:52 pm

Hi

I am trying to stop access to my site from outsiders. I have defined it in httpd.conf like this:


<Directory "/var/www/html">

#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI Multiviews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs-2.0/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks

#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None

#
# Controls who can get stuff from this server.
#
Order allow,deny

deny from 255.255.255.255
allow from 192.168.204.0/255.255.255.224 192.168.204.32/255.255.255.224
</Directory>

I have subnetted the 204 pool into four subnets, and therefore have only defined 2 subnets in the conf. The problem is that the users on the second subnet are unable to view the site, whereas others can. What problem can it be? Am I doing something wrong? Please help me out. Thanks in advance.

RE Apache Problem

Post by absar » Fri Jan 02, 2004 10:37 am

Salam

Please do it using a .htaccess file. It can better do what you want: block access and allow specific networks.

Regards
Absar Naqvi

Post by munnabhai » Fri Jan 02, 2004 5:40 pm

Yeah, so basically how should I define the subnets in .htaccess? A guideline will help. Thanks in advance. Plus, why isn't it good to define it this way? I mean, what problem can it be?

Re:

Post by LinuxFreaK » Fri Jan 02, 2004 10:23 pm

Dear munnabhai,
Salam,

Please take a look at http://httpd.apache.org/docs/ and also check this http://apache-server.com/tutorials/ATus ... ccess.html and if you want to do IP access then get a firewall :)

Best Regards.

Do Pray For Me :)
Farrukh Ahmed

Post by fawad » Fri Jan 02, 2004 10:35 pm

munnabhai,
I think your

Code:

deny from 255.255.255.255

line is redundant and incorrect. Order Allow, Deny denies by default. Also, 255.255.255.255 gets interpreted as an IP address, not a subnet. To deny all explicitly, you wanna do

Code:

deny from 0.0.0.0/0

2nd is the subnetting problem. Your bitmask is 26 characters wide. So your subnets would be

Code:

0
64
128
192

So essentially
192.168.204.32/255.255.255.224
is synonymous to
192.168.204.0/255.255.255.224
due to the size of the subnet.

.htaccess won't have any bearing on the effectiveness of the restriction. It's just for overriding the settings on a per directory basis.

Post by kashif » Fri Jan 02, 2004 11:27 pm

Assalam o alaikum!

Dear friends.

Please read this article to learn about Apache.

http://www.linuxhomenetworking.com/linu ... ebasic.htm

It is very helpful

Allah Hafiz

Mian Kashif Mumtaz Kamyana

Post by Kdaemon » Sat Jan 03, 2004 12:32 pm

that was a good link
but www.apache.org is best :D

Post by lambda » Sun Jan 04, 2004 1:57 am

fawad wrote: Order Allow, Deny denies by default.

no -- it simply matches against the "allow" rules before the "deny" ones.

fawad wrote: Your bitmask is 26 characters wide.

255.255.255.224 is /27, not /26. as such, 192.168.204.32/27 and 192.168.204.0/27 are two different networks.

you could collapse that into one 192.168.204.0/26. maybe that's what the original poster should try:

Code:

# deny,allow: Deny rules are checked first, then a matching Allow overrides them
Order deny,allow
deny from all
allow from 192.168.204.0/26

Post by fawad » Sun Jan 04, 2004 2:49 am

lambda wrote:
fawad wrote: Order Allow, Deny denies by default.

no -- it simply matches against the "allow" rules before the "deny" ones.

httpd docs say:
"Any client which does not match an Allow directive or does match a Deny directive will be denied access to the server."

I interpret that to mean deny by default.

lambda wrote: 255.255.255.224 is /27, not /26. as such, 192.168.204.32/27 and 192.168.204.0/27 are two different networks.

Agreed. Bad math on my part. I calculated the mask length incorrectly then based the rest of my post on that. :)
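The netmask arithmetic and the Order semantics debated in this thread, modelled as an added example that is not part of any post. It follows the evaluation order described in the Apache 2.0 documentation rather than Apache's own code; the function names are hypothetical and the client addresses are constructed.

```python
import ipaddress

def parse_net(spec):
    """Parse an Allow/Deny argument: 'all', a host, net/len or net/dotted-mask."""
    if spec.lower() == "all":
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(spec)  # a bare address becomes a /32

def allowed(order, allow, deny, client):
    """Model the documented Order evaluation for one client address."""
    ip = ipaddress.ip_address(client)
    hit_allow = any(ip in parse_net(s) for s in allow)
    hit_deny = any(ip in parse_net(s) for s in deny)
    if order == "allow,deny":   # no match means denied; a Deny match beats Allow
        return hit_allow and not hit_deny
    if order == "deny,allow":   # no match means allowed; an Allow match beats Deny
        return hit_allow or not hit_deny
    raise ValueError("unsupported Order: " + order)

def collapse(specs):
    """Merge adjacent networks into the smallest equivalent list of CIDR blocks."""
    nets = [parse_net(s) for s in specs]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

# Allow/Deny arguments as written in the first post of the thread
POSTED_ALLOW = ["192.168.204.0/255.255.255.224", "192.168.204.32/255.255.255.224"]
POSTED_DENY = ["255.255.255.255"]

# Constructed clients: first /27, second /27, third /27, and an outside host
CLIENTS = ["192.168.204.10", "192.168.204.40", "192.168.204.70", "10.0.0.5"]

def verdicts(order, allow, deny):
    """Return {client: True/False} for every constructed client."""
    return {c: allowed(order, allow, deny, c) for c in CLIENTS}

if __name__ == "__main__":
    for spec in POSTED_ALLOW:
        net = parse_net(spec)
        print(spec, "->", net, "covers", net[0], "to", net[-1])
    print("collapsed:", collapse(POSTED_ALLOW))
    print("posted rules:         ", verdicts("allow,deny", POSTED_ALLOW, POSTED_DENY))
    print("allow,deny + deny all:", verdicts("allow,deny", ["192.168.204.0/26"], ["all"]))
    print("deny,allow + deny all:", verdicts("deny,allow", ["192.168.204.0/26"], ["all"]))
```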

