+ Post New Thread
Results 1 to 6 of 6
Internet Related/Filtering/Firewall Thread, Apache , Httpd.conf, deny in Technical; Hi, I'm running Ubuntu 12.04 as a webserver. I'm trying to restrict access to a folder by adding a rule ...
  1. #1

    Join Date
    May 2010
    Location
    Stoke on Trent
    Posts
    77
    Thank Post
    8
    Thanked 3 Times in 3 Posts
    Rep Power
    9

    Apache , Httpd.conf, deny

    Hi,

    I'm running Ubuntu 12.04 as a webserver. I'm trying to restrict access to a folder by adding a rule to httpd.conf
    The only users I want to be able to access this folder are on the local LAN, where all IP addresses begin with 123.456

    <directory /path/to/folder>
    Order Allow,Deny
    Allow from 123.456
    </directory>

    From what I understand, access should be denied by default & only IP addresses that start with '123.456' should be allowed

    This isn't working. The rule blocks everything. if I change the Allow rule to a full IP address it's still the same...

    I'm all ears for ideas!!

  2. #2


    Join Date
    May 2009
    Posts
    2,923
    Thank Post
    259
    Thanked 773 Times in 588 Posts
    Rep Power
    284
    Do you have AllowOverride set at the web root or virtual host level?

  3. #3

    Join Date
    May 2010
    Location
    Stoke on Trent
    Posts
    77
    Thank Post
    8
    Thanked 3 Times in 3 Posts
    Rep Power
    9
    I inherited this server so it's a bit of a mystery to me. I have a number of sites (including a staff and student intranet) . Each site has a virtual host file containing this code:

    <directory />
    Options FollowSymLinks
    AllowOverride None
    </directory>

    <directory /path/to/web folder/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    allow from all
    </directory>

    As an experiment I stripped out both these directives and replaced them with:

    # Intranet settings
    <directory /path/to/Intranet folder/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    allow from 123.456
    </directory>

    This *should* restrict access to the intranet folder to only local network addresses. I'm not sure if it's working as it should but it's certainly not stopping anyone (on the local network) from accessing the site.

    If I drop almost the same settings into the web page virtual host file

    <directory /path/to/web folder/folder I want to block access to>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    allow from 123.456
    </directory>

    I get a 'Forbidden - You don't have permission to access /folderName/ on this server' when I try and access it from a local network address (beginning with 123.456) If I change 'allow from 123.456' to 'allow from all' - it lets me in.

    If there is an 'AllowOverride' somewhere else on my server that is stopping this from working, it doesn't make sense to me that I can toggle between 'everyone can access this folder' and 'no-one can access this folder'

    If I'm being dim here, let me know!

  4. #4


    Join Date
    May 2009
    Posts
    2,923
    Thank Post
    259
    Thanked 773 Times in 588 Posts
    Rep Power
    284
    I can't see a problem (although obviously there is one) - I'm assuming your 123.456 is a valid IP and not actually 123.456! I'd probably try setting AllowOveride Limit and then using allow in an .htaccess file. Also what do the logs tell you about the IP the server is actually seeing? Is a proxy perhaps interfering and passing on it's IP rather than the clients?

  5. #5

    Join Date
    May 2010
    Location
    Stoke on Trent
    Posts
    77
    Thank Post
    8
    Thanked 3 Times in 3 Posts
    Rep Power
    9
    Hi, thanks for that

    I think this is the key : "Is a proxy perhaps interfering and passing on it's IP rather than the clients?" This is just a guess but when I look at the intranet, traffic is being pushed straight through to the server. When I look at the website traffic is being pushed through the proxy server. Probably can be sorted with a DNS entry + host file change...

  6. #6

    Join Date
    May 2010
    Location
    Stoke on Trent
    Posts
    77
    Thank Post
    8
    Thanked 3 Times in 3 Posts
    Rep Power
    9
    Yep, just dropped in an entry into DNS and it works a treat

SHARE:
+ Post New Thread

Similar Threads

  1. httpd.conf
    By clarky2k3 in forum Web Development
    Replies: 3
    Last Post: 12th June 2008, 05:26 PM
  2. Apache + IIS On the same box?
    By in forum Windows
    Replies: 25
    Last Post: 7th March 2006, 03:12 PM
  3. GPMC "Access Denied" for Administrator
    By Gatt in forum Windows
    Replies: 9
    Last Post: 8th February 2006, 06:25 PM
  4. Free multi-point video conf software
    By Dos_Box in forum Downloads
    Replies: 1
    Last Post: 5th February 2006, 09:42 PM
  5. Adduser.conf parse errors
    By ChrisH in forum *nix
    Replies: 4
    Last Post: 18th November 2005, 11:10 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •