From: "Jeremy Tinley"
Date: Tue, 21 Jan 2003 10:37:01 -0600
Subject: RE: [users@httpd] how to block hackers ?

DocumentRoot is a chroot environment, meaning someone can't access http://yourserver/../../etc/passwd; however, if they have access to the filesystem, this is still an option. To be honest, if you're not using shadows in place of the passwd file, you're asking for trouble to begin with.

The workarounds really depend upon what kind of environment you have set up. If there will be trusted vs. untrusted users accessing your machine, what type of content you are serving, etc.
If you feel comfortable, provide some detail as to what this server will be doing so that others can make more meaningful suggestions about your environment:

Who has access to change the content? Are you going to be allowing FTP access or will the modifications come directly on the server? If so, are these users trusted users, employees, or customers?

As for your other question, there is a directive for the httpd.conf file (that usually comes turned on by default) that disallows viewing of the .htaccess files, so yes, you can restrict certain IPs (either blocked, or allowed) to certain actions.

-J

-----Original Message-----
From: R'twick Niceorgaw [mailto:public@utkalika.net]
Sent: Tuesday, January 21, 2003 10:26 AM
To: apache user list
Subject: [users@httpd] how to block hackers ?

Hi all,
Is there any way I can specify in httpd.conf or htaccess file to deny access to a specific IP if certain criteria are met in the request, like if someone tries to access /.htaccess or ../../etc/passwd ?

Regards
R'twick

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
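
One way to approach the question in this thread, as an added example that is not part of the original messages: scan access-log lines for the two request patterns named in the question (a `.ht*` file or a `..` path segment) and print `Deny from` lines for the client addresses that sent them. The log lines, addresses and function names are constructed for illustration, and the Common Log Format is assumed.

```python
import re
from urllib.parse import unquote

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

def is_probe(target):
    """True if the path names a .ht* file or contains a '..' segment."""
    path = target.split("?", 1)[0]
    # Decode twice so singly and doubly percent-encoded dots are also caught.
    path = unquote(unquote(path)).replace("\\", "/")
    segments = path.split("/")
    return ".." in segments or any(s.lower().startswith(".ht") for s in segments)

def offenders(log_lines, threshold=1):
    """Sorted client addresses with at least `threshold` probe requests."""
    hits = {}
    for line in log_lines:
        m = CLF.match(line)
        if m and is_probe(m.group(3)):
            hits[m.group(1)] = hits.get(m.group(1), 0) + 1
    return sorted(ip for ip, n in hits.items() if n >= threshold)

def deny_block(ips):
    """mod_access-style directives of that era (Apache 2.4 uses 'Require not ip')."""
    return "\n".join(["Order allow,deny", "Allow from all"]
                     + [f"Deny from {ip}" for ip in ips])

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE = [
    '192.0.2.10 - - [21/Jan/2003:10:20:01 -0600] "GET /index.html HTTP/1.0" 200 1043',
    '198.51.100.7 - - [21/Jan/2003:10:21:14 -0600] "GET /.htaccess HTTP/1.0" 403 287',
    '198.51.100.7 - - [21/Jan/2003:10:21:15 -0600] "GET /.htpasswd HTTP/1.0" 403 287',
    '203.0.113.5 - - [21/Jan/2003:10:22:40 -0600] "GET /../../etc/passwd HTTP/1.0" 400 301',
    '203.0.113.9 - - [21/Jan/2003:10:23:02 -0600] "GET /a/%2e%2e/%2e%2e/etc/passwd HTTP/1.0" 404 290',
    '192.0.2.10 - - [21/Jan/2003:10:24:30 -0600] "GET /docs/release..notes.html HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    print(deny_block(offenders(SAMPLE)))
```

Addresses behind a proxy or NAT are shared by many clients, so review the list before loading it into the server configuration.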