[plug] Apache Access

Ben Jensz jensz at wn.com.au
Wed Sep 11 09:23:20 WST 2002 

Which version of Apache are you running?

If this machine is publicly accessible via the internet, I'd strongly 
suggest upgrading to the latest 1.3 which is 1.3.26 (or the 2.x strain) 
which resolves the chunked encoding transfer vulnerability.

In these newer versions you don't need to use access.conf and srm.conf, 
they are now redundant and all configuration variables should be put 
into httpd.conf.

If you're using a version of Apache that already has implemented the one 
file configuration policy, then you'll need to tell Apache in httpd.conf 
to look for access.conf and/or srm.conf if you've put configuration 
variables in them and you want to be able to still use those files.

HTH :)


/ Ben

Lyndon Kroker wrote:

>Well, I am really stuck!
>
>I have gone over the apache documentation:
>    http://httpd.apache.org/docs/mod/mod_access.html
>so many times my eyes are sore and I still cannot get apache to cooperate.
>
>All I want to do is:
>
>1) restrict access from certain IP addresses and domain names, and
>2) allow everyone else in.
>
>I figured that this should work:
>
><Directory "/var/www/html">
>    Options Indexes FollowSymLinks
>    Order deny,allow
>    Deny from 11.22.33.44 badguyone.com badguytwo.net
>    Allow from all
></Directory>
>
>However, I tried banning myself by both IP address and domain name and 
>neither would work.
>
>The closest I got was when I managed to get a message like "you do not have 
>permision to access the server" when I was playing around with a directory 
>like "/var/www/html/pub/test".  However when I hit reload on the browser, 
>apache happily served up the content.
>
>    me: "I want that page!"
>    apache: "Sorry, no can do."
>    me (pressing reload): "GIVE ME THAT PAGE!!"
>    apache: "Oh alright... you talked me into it."
>
>Relavent (?) information:
>
>+ I am pretty sure that apache is running as a stand alone daemon and not via 
>inetd.
>+ I am using a separate access.conf, but it only contains directives that 
>restrict certain sub directories to certain groups.
>
>I would spell check this message but it's 2:17 AM I am too damn tired!  
>
>Any help from the experts would be greatly appreciated.
>
>Thanks,
>
>Lyndon
>
>
>
>
>
>  
>

More information about the plug mailing list