httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Hartill <r...@imdb.com>
Subject NetGroup and AccessPolicy directive suggestion for mod_acces (fwd)
Date Thu, 06 Feb 1997 23:50:13 GMT

Acked.

---------- Forwarded message ----------
Date: Thu, 6 Feb 1997 21:40:41 +0100 (MET)
From: Fabien COELHO <coelho@cri.ensmp.fr>
To: apache-bugs@mail.apache.org
Cc: coelho@cri.ensmp.fr
Subject: NetGroup and AccessPolicy directive suggestion for mod_acces

Something I posted in some newsgroup some time ago...


Hope these suggestions might find implementors in the Apache group.
The first ones seems quite easy and straightforward to implement, I could
even think of doing it myself, but I do not feel the right to modify
someone else code. Also I would not like to have to patch the source code
each time I get a new version of Apache, thus I guess it should be done
by the core group of Apache developers.
 
 
(1) Here is a suggestion that could help simplify and clarify access
configuration. A NetGroup directive with an ITERATE2 syntax would allow to
define netgroups at the serveur level. The defined netgroups could be used
in place of expected machine/domain names or IP numbers in the allow and
deny directives. For instance:
 
####
#
# Note that RFC 1123/RFC 952 forbid _ in host names, hence netgroup names
# that contain this character cannot interact with real host names.
#
NetGroup cri_machines 10.3.4.
NetGroup cri_machines foo bla
NetGroup cas_machines 10.3.6. 
# netgroups could be reused in a netgroup directive:
NetGroup ensmp_machines cri_machines cas_machines
#
[...]
allow from ensmp_machines
#
####
 
(2) Also the following suggestion might also help clarify access control
configuration: The idea is to define an AccessPolicy once with may
includes order, deny and allow directives, and to reuse this access policy
latter on. Example:
 
####
# (I guess a la headers continuations are ok 
#  within apache configuration files?)
SetAccessPolicy my_machines_are_ok 
        order deny,allow 
        deny from all 
        allow from .foo.bar
#
<Directory proxy:*>
AccessPolicy my_machines_are_ok
</Directory>
#
####
 
 
Fabien.
 
-- 
Fabien COELHO __ http://www.cri.ensmp.fr/~coelho __ coelho@cri.ensmp.fr
 CRI-ENSMP, 35, rue Saint-Honor, F-77305 Fontainebleau cedex, France
  phone: (+33|0) 1 64 69 {voice: 48 52, fax: 47 09, standard: 47 08}
      ________  All opinions expressed here are mine  _________
 



Mime
View raw message