RE: Apache issue

From: Derick Anderson (danderson_at_vikus.com)
Date: 06/22/05

  • Next message: George Lantz: "RE: generalInfo"
    Date: Wed, 22 Jun 2005 13:10:40 -0400
    To: <focus-linux@securityfocus.com>
    
    

    Sorry if this gets posted twice - our company has a .net and a .com and
    I registered the .net email while the .com is the primary sender...
    sigh.

    The Apache documentation at
    http://httpd.apache.org/docs-2.0/mod/mod_access.html#order will be
    helpful to you. Essentially, you must order the Allow,Deny statement the
    same way as your Allow from/Deny from statements. Example:

    <Directory /foo/bar>
            Order Deny,Allow
            Deny from all
            Allow from 192.168.1.0/255.255.255.0
    </Directory>

    Derick Anderson
     

    > -----Original Message-----
    > From: anita.salerno@talk21.com [mailto:anita.salerno@talk21.com]
    > Sent: Wednesday, June 22, 2005 3:44 AM
    > To: focus-linux@securityfocus.com
    > Subject: Apache issue
    >
    > Hello,
    > I'm using Apache/2.0.52 on Fedora Core 3. I've copied the
    > configuration file of the previous apache's version on a Redhat, as I
    > do everytime when upgrading to a new version of Apache (I configured
    > only the new httpd.conf manually), and now the problem is that none of

    > the security measures is working, I'm bypassing all of them (.htaccess

    > and ip list specification).
    >
    > The mod_access module is enabled.
    >
    > In my httpd.conf, I have:
    >
    > AllowOverride All
    >
    > <Directory /www/html/directory/rzone>
    > Order Allow,Deny
    > Allow from 10.0.10.
    > Deny from all
    > </Directory>
    >
    >
    >
    > My .htaccess is:
    > AuthType Basic
    > AuthName Welcome
    > AuthUserFile /www/html/directory/rzone/.htmdp
    >
    > <Limit GET POST>
    > require valid-user
    >
    > Order Allow,Deny
    > Allow from 10.0.10.
    > Deny from all
    > </Limit>
    >
    > When I was desprate, I've configured the access file as follow:
    >
    > Order Allow,Deny
    > Deny from all
    >
    > and I still have access to the web site.
    >
    > Any idea ?
    >


  • Next message: George Lantz: "RE: generalInfo"