httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Soumendu Bhattacharya" <soumendu_bhattacha...@non.agilent.com>
Subject RE: [users@httpd] Block IP
Date Wed, 04 Jun 2008 19:25:45 GMT
You need to use <Location > directive to block ip's from Apache (which is
being served by jboss) 

You will also need to restart Apache everytime you add modify any ACL 
 
-----Original Message-----
From: André Warnier [mailto:aw@ice-sa.com] 
Sent: Thursday, June 05, 2008 12:56 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Block IP



Mohit Anchlia wrote:
> Few questions:
> 
> 1. We have a webserver and we use mod_jk to redirect request to a servlet
to
> our App server. Given this situation where file on the web server doesn't
> get accessed how can I block the IP at web server. Only option that I know
> of is RewriteCond. Is that what's advisable.

Just a naïve question : if you are not using the webserver itself 
(presumably Apache), and just use it to redirect all requests (via 
mod_jk) to your App server (presumably Tomcat or a derivative), then why 
do you have the webserver at all ?  Why not eliminate the webserver and 
mod_jk, have your Appserver listen directly on port 80, and cut out the 
complication and overhead ?
You can block/allow IP's at the Tomcat level too.
See : http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html

> 
> 2. Another question I had was sometimes we don't get real physical IP of
the
> machine but the IP of something that's in between like "router", is there
a
> way to get the real IP so that we don't end up blocking people coming from
> that "router" or "proxy"

In my opinion, you cannot.  The whole point of such routers and proxies 
is to make the requests look like they are coming from the router/proxy, 
so that is the sender IP address you are seeing at your server level, 
and that's it.  Your server never receives the original requester IP 
address.

> 
> 3. Do I need to start the web server everytime new RewriteRule is added ?
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org






---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message