hosts.deny doesn't work for web services
Hi everyone :-)

On one of my machines I'm running a zope server. This server should only be accessible from my LAN so I set:

hosts.deny
ALL: ALL

The hosts.deny manual states: This denies all service to all hosts, unless they are permitted access by entries in the allow file.

Ping and ssh connects are refused but the web services provided by zope are still accessible from the outside. Is this a bug or am I missing something here?

Cheers,
Nikolai

--
1984 is not a howto!
Égalité (+ 1848) Fraternité (+ 1914) Liberté (+ 2001)

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: hosts.deny doesn't work for web services
Hello

Nikolai Hlubek ([EMAIL PROTECTED]) wrote:

> On one of my machines I'm running a zope server. This server should only be accessible from my LAN so I set:
>
> hosts.deny
> ALL: ALL
>
> The hosts.deny manual states: This denies all service to all hosts, unless they are permitted access by entries in the allow file.
>
> Ping and ssh connects are refused but the web services provided by zope are still accessible from the outside. Is this a bug or am I missing something here?

hosts_access only works for services that are started through tcpwrapper or are built against libwrap. Your web server probably isn't. If you use Apache, configure it to listen to the IP address of your LAN interface only.

best regards
Andreas Janssen

--
Andreas Janssen [EMAIL PROTECTED]
PGP-Key-ID: 0xDC801674
ICQ #17079270
Registered Linux User #267976
http://www.andreas-janssen.de/debian-tipps-sarge.html

Re: hosts.deny doesn't work for web services
Nikolai Hlubek wrote:

> On one of my machines I'm running a zope server. This server should only be accessible from my LAN so I set:
>
> hosts.deny
> ALL: ALL
>
> The hosts.deny manual states: This denies all service to all hosts, unless they are permitted access by entries in the allow file.
>
> Ping and ssh connects are refused but the web services provided by zope are still accessible from the outside. Is this a bug or am I missing something here?

You are missing the fact that only services which use hosts.deny (those served by inetd or those using libwrap (IIRC)) will be affected. In your case, you'll probably need to search somewhere else.

Re: hosts.deny doesn't work for web services
Nikolai Hlubek wrote:

> On one of my machines I'm running a zope server. This server should only be accessible from my LAN so I set:
>
> hosts.deny
> ALL: ALL
>
> ...
>
> Ping and ssh connects are refused but the web services provided by zope are still accessible from the outside. Is this a bug or am I missing something here?

I know that Apache, because it doesn't use the tcpwrappers library, isn't affected by hosts.allow and hosts.deny. You have to configure the equivalent in Apache's own config files.

I've never used zope but perhaps it works the same way. You could look through the docs for any mention of tcpwrappers?

HTH,
Adam

Re: hosts.deny doesn't work for web services
On Mon, 17 Oct 2005 16:32:34 +0200 Nikolai Hlubek [EMAIL PROTECTED] wrote:

> Hi everyone :-)
>
> On one of my machines I'm running a zope server. This server should only be accessible from my LAN so I set:
>
> hosts.deny
> ALL: ALL
>
> The hosts.deny manual states: This denies all service to all hosts, unless they are permitted access by entries in the allow file.
>
> Ping and ssh connects are refused but the web services provided by zope are still accessible from the outside. Is this a bug or am I missing something here?
>
> Cheers,
> Nikolai

I'm pretty sure hosts.allow only works for a small set of services wrapped by the tcpd daemon. I think you're gonna need iptables to block your web server. You might try shorewall if you dislike writing iptables scripts as much as I do.

BTW: I don't think tcpd has anything to do with ping being blocked. Hopefully someone else on the list will correct me if I'm wrong.

//andy
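
The point made in the replies above, as an added example that is not from any poster in this thread: list the TCP listeners bound to a wildcard address and check whether the owning binary links libwrap, which is what decides whether hosts.allow/hosts.deny can affect it. The sample `ss` lines, the function names, and the use of `ss -H -ltnp`, `ldd` and `/proc/<pid>/exe` are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample in the format of `ss -H -ltnp` (addresses, names, PIDs made up).
SAMPLE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=612,fd=3))
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:* users:(("python",pid=733,fd=5))
LISTEN 0 128 192.168.1.10:80 0.0.0.0:* users:(("apache2",pid=801,fd=4))
LISTEN 0 128 [::]:8021 [::]:* users:(("python",pid=733,fd=6))
LISTEN 0 128 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=455,fd=7))'

# stdin: ss lines. Prints "port name pid" for every listener bound to a
# wildcard address, i.e. reachable on all interfaces, not only the LAN one.
wildcard_listeners() {
    while read -r _state _recvq _sendq laddr _peer proc; do
        port=${laddr##*:}            # text after the last colon
        host=${laddr%:*}             # everything before it
        case $host in
            0.0.0.0|'*'|'[::]')
                name=${proc#*\"}; name=${name%%\"*}
                pid=${proc#*pid=}; pid=${pid%%,*}
                echo "$port ${name:-?} ${pid:-?}" ;;
        esac
    done
}

# True if the binary at $1 is dynamically linked against libwrap. A daemon
# launched through tcpd from inetd is also covered, without this linkage.
links_libwrap() {
    ldd "$1" 2>/dev/null | grep -q 'libwrap\.so'
}

# stdin: ss lines from the live host. One verdict per wildcard listener.
audit() {
    wildcard_listeners | while read -r port name pid; do
        exe=$(readlink "/proc/$pid/exe" 2>/dev/null) || exe=
        if [ -n "$exe" ] && links_libwrap "$exe"; then
            echo "port $port ($name): links libwrap, hosts.allow/hosts.deny apply"
        else
            echo "port $port ($name): no libwrap linkage found, restrict by bind address or packet filter"
        fi
    done
}

# Demo on the constructed sample; on a live host run as root: ss -H -ltnp | audit
printf '%s\n' "$SAMPLE" | wildcard_listeners
```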