From Rob Hartill <>
Subject NetGroup and AccessPolicy directive suggestion for mod_acces (fwd)
Date Thu, 06 Feb 1997 23:50:13 GMT


---------- Forwarded message ----------
Date: Thu, 6 Feb 1997 21:40:41 +0100 (MET)
From: Fabien COELHO <>
Subject: NetGroup and AccessPolicy directive suggestion for mod_acces

Something I posted in some newsgroup some time ago...

Hope these suggestions might find implementors in the Apache group.
The first ones seem quite easy and straightforward to implement, I could
even think of doing it myself, but I do not feel the right to modify
someone else's code. Also I would not like to have to patch the source code
each time I get a new version of Apache, thus I guess it should be done
by the core group of Apache developers.

(1) Here is a suggestion that could help simplify and clarify access
configuration. A NetGroup directive with an ITERATE2 syntax would allow one to
define netgroups at the server level. The defined netgroups could be used
in place of expected machine/domain names or IP numbers in the allow and
deny directives. For instance:

# Note that RFC 1123/RFC 952 forbid _ in host names, hence netgroup names
# that contain this character cannot interact with real host names.
NetGroup cri_machines 10.3.4.
NetGroup cri_machines foo bla
NetGroup cas_machines 10.3.6. 
# netgroups could be reused in a netgroup directive:
NetGroup ensmp_machines cri_machines cas_machines
allow from ensmp_machines

(2) The following suggestion might also help clarify access control
configuration: The idea is to define an AccessPolicy once, which may
include order, deny and allow directives, and to reuse this access policy
later on. Example:

# (I guess a la headers continuations are ok
#  within apache configuration files?)
SetAccessPolicy my_machines_are_ok
        order deny,allow
        deny from all
        allow from

<Directory proxy:*>
AccessPolicy my_machines_are_ok
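
Added example (not part of the forwarded message and not Apache code): a Python model of how the NetGroup directive proposed in (1) could be resolved, using the message's own sample lines as constructed input. The function names, the rejection of self-referencing groups and the matching rule (IP prefixes on octet boundaries, host names on label boundaries) are assumptions made for illustration.

```python
# Constructed sample: the NetGroup lines proposed in the message, plus a comment.
SAMPLE = """\
# netgroups could be reused in a netgroup directive:
NetGroup cri_machines 10.3.4.
NetGroup cri_machines foo bla
NetGroup cas_machines 10.3.6.
NetGroup ensmp_machines cri_machines cas_machines
"""

def parse_netgroups(text):
    """Collect 'NetGroup <name> <member>...' lines; repeated names accumulate."""
    groups = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0].lower() != "netgroup" or len(fields) < 3:
            raise ValueError(f"bad NetGroup line: {raw!r}")
        groups.setdefault(fields[1], []).extend(fields[2:])
    return groups

def expand(groups, name, stack=()):
    """Flatten a netgroup into host/IP patterns; a self-referencing group is an error."""
    if name in stack:
        raise ValueError("netgroup cycle: " + " -> ".join(stack + (name,)))
    patterns = []
    for member in groups[name]:
        if member in groups:          # nested netgroup reference
            patterns += expand(groups, member, stack + (name,))
        else:                         # literal host name, domain or IP prefix
            patterns.append(member)
    return patterns

def matches(pattern, host, ip):
    """Assumed rule: a pattern starting with a digit is an IP or IP prefix."""
    if pattern[0].isdigit():
        # Compare on octet boundaries so 10.3.4. never admits 10.3.40.x.
        prefix = pattern if pattern.endswith(".") else pattern + "."
        return (ip + ".").startswith(prefix)
    host, pattern = host.lower(), pattern.lower()
    return host == pattern or host.endswith("." + pattern.lstrip("."))

def allowed(groups, name, host, ip):
    """Evaluate 'allow from <name>' where <name> is a netgroup or a plain pattern."""
    patterns = expand(groups, name) if name in groups else [name]
    return any(matches(p, host, ip) for p in patterns)
```

Because a member is treated as a group reference whenever a group of that name exists, a netgroup named like a real host would shadow it, which is the collision the underscore remark in the message avoids.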
