[plug] Apache access.conf
Leon Brooks
leon at brooks.fdns.net
Sun Nov 24 23:12:06 WST 2002
On Sunday 24 November 2002 09:14 pm, Robert Andrews wrote:
>>> [error] [client 203.57.132.141] client denied by server configuration:
>>> /usr/doc/apache
>>> However the client address is 192.168.3.10 a windows machine
> Levsky asked:
>> You're not running a proxy are you?
> Well Im running squid and bind Debian Potato
My best guess is that 192.168.3.10 is going through the proxy, so from
Apache's PoV is coming from the external interface to your machine.
There are several possible solutions if so.
1. Tell Apache to listen on the internal interface too (typically
192.168.3.254 or 192.168.3.1) and the client either to not proxy
local requests and/or not proxy requests to that address (not a
problem if you're using transparent proxy, though). Aim
192.168.3.10's browser at the internal address (and/or make a
name for it, not necessarily in an externally-visible domain -
you do have forward and reverse DNS lookup working on your LAN,
don't you?).
2. Do your filtering in Squid (ie, deny access to your gateway
machine's IP address except for requests sourced from
192.168.3.10).
3. Do your filtering on the HTTP headers, in particular the headers
identifying the IP for which the proxying is being done. This is
probably the weakest approach in terms of being spoofable.
Cheers; Leon
More information about the plug
mailing list