On 01/18/2014 06:45 PM, Jeff Dyke wrote:
Remember that IPs are easily spoofed.
(IP addresses can be spoofed, but that's not a security problem in a web
context since any response from the web server will be directed to the
spoofed IP address, not the one that spoofed it.)
but we all do it, and the access restrictions are so much cleaner, as
well as other things in apache2.4, so if you can i'd upgrade. You're
obviously building these as VHosts, so they can go int the virutual
host container, but you want this page:
http://httpd.apache.org/docs/2.2/howto/access.html and
http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow
In Apache 2.2
Order allow, deny
Allow from 172.168.10
Each vhost can do this in a separate <Directory /myapp/my-test1/demo/>
block but does not seem useful . I would keep this out of Tomcat, but
thats just me.
Again, if you have the ability upgrade to 2.4, disable
mod_compatibility and use the require all syntax, it will take more
work, but apache has come a long way sing 2.2.
On Sat, Jan 18, 2014 at 2:46 PM, Dev Raj
<devaraj.takhellam...@gmail.com
<mailto:devaraj.takhellam...@gmail.com>> wrote:
Hi,
I have Apache 2.2 installed on my Unix Server and have a couple of
Application servers running each of them having similar Document
Root.
For example,
The URLS will look like below
https://my-test1.com/demo/index.html
https://my-prod1.com/demo/index.html
https://my-qa1.com/demo/index.html
The directory(Tomcat) folder looks like
/myapp/my-test1/demo/index.html
/myapp/my-prod1/demo/index.html
/myapp/my-qa1/demo/index.html
I would like to restrict access to the above prod1 URL for a
specific set of IP's. How can I achieve this. Please tell.
--
Regards,
Devaraj
