httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-Willem van Gulik <di...@webweaving.org>
Subject Re: [users@httpd] denying access to site based on IP/CIDR
Date Wed, 09 Mar 2005 18:56:48 GMT


On Wed, 9 Mar 2005, Joshua Slive wrote:

> On Wed, 09 Mar 2005 09:42:31 -0800, Robin Lynn Frank

> > What we need to do is deny access to the entire site based on IP and/or
> > CIDR.  How and where would this best be done?  URLs with examples would
> > be most welcome.  TIA
>
> <Location />
> Order allow,deny
> Allow from all
> Deny from 123.456.789
> </Location>

You propably want to make that

	Deny from 123.456.789.0/24

as to avoid confusion; esp. when you have multiple platforms in your
organization and/or you move CIDRs between (non) apache applictions. The
reason for this is that 10.1 as an addess actually stands for 10.0.0.1 and
not the 10.1.0.0 one expect (see inet(4)) when it is a network notation.

Always saying 10.1.0.0/32 or 10.1.0.0/16 makes this perfectly clear and
portable between BSD, SVR4 and (non) apache app's.

Dw



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message