[plug] Apache Access

Lyndon Kroker ljkroker at netvigator.com
Wed Sep 11 09:51:24 WST 2002 

Hi Ben,

> Which version of Apache are you running?

Here is the output of httpd -V

Server version: Apache/1.3.22 (Unix)  (Red-Hat/Linux)
Server built:   Jun 19 2002 11:55:48
Server's Module Magic Number: 19990320:10
Server compiled with....
 -D EAPI
 -D EAPI_MM
 -D EAPI_MM_CORE_PATH="/var/run/httpd.mm"
 -D HAVE_MMAP
 -D HAVE_SHMGET
 -D USE_SHMGET_SCOREBOARD
 -D USE_MMAP_FILES
 -D HAVE_FCNTL_SERIALIZED_ACCEPT
 -D HAVE_SYSVSEM_SERIALIZED_ACCEPT
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D HTTPD_ROOT="/etc/httpd"
 -D SUEXEC_BIN="/usr/sbin/suexec"
 -D DEFAULT_PIDLOG="/var/run/httpd.pid"
 -D DEFAULT_SCOREBOARD="/var/run/httpd.scoreboard"
 -D DEFAULT_LOCKFILE="/var/run/httpd.lock"
 -D DEFAULT_XFERLOG="/var/log/httpd/access_log"
 -D DEFAULT_ERRORLOG="/var/log/httpd/error_log"
 -D TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"
 -D ACCESS_CONFIG_FILE="conf/access.conf"
 -D RESOURCE_CONFIG_FILE="conf/srm.conf"


> In these newer versions you don't need to use access.conf and srm.conf,
> they are now redundant and all configuration variables should be put
> into httpd.conf.

Originally I decided to put the directives in access.conf in preference to 
having everything in httpd.conf even though access.conf was no longer used.  
I set up httpd.conf so that access.conf would be read.  Generally this worked 
okay and the directives in access.conf were working properly.  I did this so 
that the configuration was similar to another server we had thinking that the 
server could be more easily manged by other people on the team.  (I didn't 
mind them screwing up access.conf, but I didn't want them playing with 
httpd.conf.)  Having said that I will today put my <Directory> directives 
back into hppd.conf.

My next step will be to ban absolutely everbody except for one IP address.  
If I can do that then i know it's just me writing incorrect directives.

Here is what I am going to try:


<Directory "/var/www/html">
Order Allow, Deny
Allow from 11.22.33.44
Deny from all
</Directory>

According to apache documentation the "Order Allow,Deny" sets the default 
policy to deny.

At first I thought the allow and deny directives worked like firewall rules 
where the "first match wins" but... I don't think that's right.

I'll keep working on it.

Thanks again Ben.

More information about the plug mailing list