httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dev Raj <devaraj.takhellam...@gmail.com>
Subject Re: [users@httpd] Restrict Access to a set of IP in a specific URL
Date Sun, 19 Jan 2014 05:55:25 GMT
Thanks everyone for getting back on this one,

If I have to do this in as per Jeff, which file should I be changing?
Each vhost can do this in a separate <Directory /myapp/my-test1/demo/>
block but does not seem useful . I would keep this out of Tomcat, but thats
just me.


I also read that, we can use in the Tomcat context.xml file...Has anyone
tried this?

<Context antiJARLocking="true" path="/">
 <Valve className="org.apache.catalina.valves.RemoteIpValve" />
 <Valve className="org.apache.catalina.valves.RemoteAddrValve"
deny="{IP_address}" />
</Context>




On Sun, Jan 19, 2014 at 8:32 AM, John List <johnlist@gulfbridge.net> wrote:

>
> On 01/18/2014 09:59 PM, John List wrote:
>
> On 01/18/2014 06:45 PM, Jeff Dyke wrote:
>
> Remember that IPs are easily spoofed.
>
>  Actually, since HTTP is based on a TCP connection, I don't know that you
> can say that IP addresses can be spoofed in the web context.
>
>
>
> (IP addresses can be spoofed, but that's not a security problem in a web
> context since any response from the web server will be directed to the
> spoofed IP address, not the one that spoofed it.)
>
>  but we all do it, and the access restrictions are so much cleaner, as
> well as other things in apache2.4, so if you can i'd upgrade.  You're
> obviously building these as VHosts, so they can go int the virutual host
> container, but you want this page:
> http://httpd.apache.org/docs/2.2/howto/access.html and
> http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow
>
>  In Apache 2.2
>
>  Order allow, deny
> Allow from 172.168.10
>
>  Each vhost can do this in a separate <Directory /myapp/my-test1/demo/>
> block but does not seem useful . I would keep this out of Tomcat, but
> thats just me.
>
>  Again, if you have the ability upgrade to 2.4, disable mod_compatibility
> and use the require all syntax, it will take more work, but apache has come
> a long way sing 2.2.
>
>
>
> On Sat, Jan 18, 2014 at 2:46 PM, Dev Raj <devaraj.takhellambam@gmail.com>wrote:
>
>> Hi,
>>
>> I have Apache 2.2 installed on my Unix Server and have a couple of
>> Application servers running each of them having similar Document Root.
>>
>> For example,
>> The URLS will look like below
>>
>> https://my-test1.com/demo/index.html
>> https://my-prod1.com/demo/index.html
>> https://my-qa1.com/demo/index.html
>>
>> The directory(Tomcat) folder looks like
>> /myapp/my-test1/demo/index.html
>> /myapp/my-prod1/demo/index.html
>> /myapp/my-qa1/demo/index.html
>>
>>
>> I would like to restrict access to the above prod1 URL for a specific set
>> of IP's. How can I achieve this. Please tell.
>>
>> --
>> Regards,
>> Devaraj
>>
>
>
>
>


-- 
Regards,
Devaraj

Mime
View raw message