httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: mod_access broken? (Access control with partial DNS name)
Date Mon, 01 Apr 2002 20:24:28 GMT

On Mon, 1 Apr 2002, Roetto Mike B CONT SSNO wrote:

> Hello,
> I'm trying to restrict access to a particular directory based on the
> second-level domain name of the client. Based on the Mod_access
> documentation, the apache FAQ , and several examples in the Apache 1.3.24
> default config file, I setup the following:
>
> <Directory "/var/www/html/mrtg">
>         Order deny,allow
>         Deny from all
>         Allow from .mysite.net
> </Directory>
>
> This produces a 403 Forbidden error, from a client machine with a name of
> host.mysite.net .

And the error log says.... (I can guess, but it is best to know for sure.)

Three things:

1. Use "Allow from mysite.net" without the leading dot.  I don't think it
will make a difference, but that is the configuration the docs give.

2. From the server, do the following:
nslookup host.mysite.net
Then take the IP address you get and do an nslookup on that.  If you don't
get "host.mysite.net" back as the result, then your reverse DNS is
misconfigured and apache is properly denying access to a suspect client.

3. Compare the IP address you get from the nslookup to the IP address in
the access log corresponding to that client's request.

Joshua.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message