httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Todd Simons <tsim...@delphi-tech.com>
Subject RE: [users@httpd] Re: MOD_PROXY and Access Control by IP
Date Fri, 19 Nov 2010 19:33:24 GMT
Thanks Andrew, I did see this as an example on a web post.   ...the argument was made that
it's a PIA when you don't match class C subnets and have to use RegEx :-)

...I don't have class C inside, I boiled it down to Class C for the post example.

Thanks!

-----Original Message-----
From: Andrew Schulman [mailto:andrex@alumni.utexas.net]
Sent: Friday, November 19, 2010 2:18 PM
To: users@httpd.apache.org
Subject: [users@httpd] Re: MOD_PROXY and Access Control by IP

> I've been able to secure each proxy with this model:
> <Proxy http://*/App1/*>
>     Order Deny,Allow
>     #Permit IT
>     Allow from 10.1.0.0/24
>     #Permit Team1
>     Allow from 10.1.1.0/24
>     Deny from all
> </Proxy>
>
> Is there a way we can define access once for the IT Subnet (10.1.0.0/24) once instead
of per App?

One way would be

SetEnvIf Remote_Host ^10\.1\.0\. allow_IT
<Proxy http://*/App1/*>
    Order Deny,Allow
    #Permit IT
    Allow from env=allow_IT
    #Permit Team1
    Allow from 10.1.1.0/24
    Deny from all
</Proxy>

With this method you still have to include an Allow from env=allow_IT
inside every <Proxy> stanza, but at least you only have to specify their IP
address in one place.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


CONFIDENTIALITY NOTICE
This e-mail message from Delphi Technology, Inc. is intended only for the individual or entity
to which it is addressed. This e-mail may contain information that is privileged, confidential
and exempt from disclosure under applicable law. If you are not the intended recipient, you
are hereby notified that any dissemination, distribution or copying of this communication
is strictly prohibited. If you received this e-mail by accident, please notify the sender
immediately and destroy this e-mail and all copies of it.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message