Usually I deny everything from my more secure sites and allow only specific IP address blocks. This page is what helped me in setting up access control...
http://httpd.apache.org/docs/mod/mod_proxy.html This part in particular may be of some help Controlling access to your proxy You can control who can access your proxy via the normal <Directory> control block using the following example: <Directory proxy:*> Order Deny,Allow Deny from [machines you'd like *not* to allow by IP address or name] Allow from [machines you'd like to allow by IP address or name] </Directory> A <Files> block will also work, and is the only method known to work for all possible URLs in Apache versions earlier than 1.2b10. Also this might help... http://httpd.apache.org/docs/howto/auth.html#access It sounds like you would have to deny each IP address you want to restrict. If you have a single class C address bank that could take some effort. If you have multiple banks you could always put those you don't want accessing the server on your restricted address bank. Will take some work to figure out exactly how you want / could do this. If this doesn't help you should consider joining their mail list (unless someone here has a better answer of course ::grinz::) Good Luck > >>>> >I'm having trouble with apache and its deny directive. Here is what i've >>>> >done: >>>> > >>>> >In my httpd.conf file, and in the main directory I've added >>>> > >>>> ># >>>> > Order allow,deny >>>> > Allow from all >>>> > deny 63.228.212.200 >>>> ></Directory> >>>> > >>>> >But, I still see hits from this IP. >>>> > >>>> >Also, can someone tell me how to use the file access.conf >>>> > >>> >>> You will still log hits, the web server has to send back it's >>> response......anyway, looks like what you really want to do is use IP >>> chains or eqv to block the IP from that port, or use inetd or xinetd if >>> load allows.... >> > >Good points. I guess I should still see the hits. > >I don't know how to use ipchains or iptables (I should learn), but this >isn't what I want in this particular case. I want to deny a specific user >and see if they are attempting to get in. > >Also, how can I deny a block of IP addresses in apache. > >thank. > > > > > _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
