httpd-users mailing list archives

From Jonathon Koyle <literea...@gmail.com>
Subject Re: [users@httpd] The Require Directives
Date Thu, 29 Nov 2018 22:41:09 GMT
You might try this, with some simple testing it seems to work...

    <RequireAll>
        Require host usurf.usu.edu denied
        Require host c01622.usurf.usu.edu
    </RequireAll>

    <RequireAll>
        Require not host usurf.usu.edu
        Require ip 0.0.0.0/1
    </RequireAll>

    <RequireAll>
        Require not host usurf.usu.edu
        Require ip 128.0.0.0/1
    </RequireAll>

On Thu, Nov 29, 2018 at 2:23 PM Bill Tantzen <tantz001@umn.edu> wrote:

> Sorry this is turning out to be so confusing!  What I'm hoping to do,
> in pseudo-config would be something like this:
>
> Require not host bigdomain.com .     ## nobody from the entire domain gets in!
> Require host buddy.bigdomain.com     ## except this single client
> Require all granted                  ## and the rest of the world!
>
> I'm not sure this can even be done at the apache level, much less how to
> do it.
> Thanks for looking!
> Bill
> On Thu, Nov 29, 2018 at 3:10 PM Jonathon Koyle <litereader@gmail.com> wrote:
> >
> > So, you want to restrict access to the host to a single machine on a
> > specific domain with a non-static IP, OR to any machine not on the domain?
> >
> > On Thu, Nov 29, 2018 at 12:34 PM Bill Tantzen <tantz001@umn.edu> wrote:
> >>
> >> No that's not exactly what I meant.  What I mean is something like
> >> this -- although actually typing it seems like it can't possibly be
> >> done:
> >>
> >> <RequireAny>
> >>   Require not host xxx.com
> >>   Require host ok.xxx.com
> >> </RequireAny>
> >>
> >> I realize "not host" is not allowed here, but it maybe helps explain
> >> what I want to do: Block an entire domain except for a single host.
> >> --Bill
> >> On Thu, Nov 29, 2018 at 1:24 PM Jonathon Koyle <litereader@gmail.com> wrote:
> >> >
> >> > You want to only allow access to a server at a specific hostname
> >> > (that is how I understand your question). One way that would work is
> >> > something like
> >> >
> >> > Listen 80
> >> > <VirtualHost *:80>
> >> >     # This is the default host for this port (assuming it is the
> >> >     # first declaration for a host on this port); all server names
> >> >     # that do not match another will hit this location
> >> >     <Location />
> >> >         Require all denied
> >> >     </Location>
> >> > </VirtualHost>
> >> >
> >> > <VirtualHost *:80>
> >> >     ServerName ok.yyy.zzz.com
> >> >     # Put the rest of the host configuration here
> >> > </VirtualHost>
> >> >
> >> > Assuming there are no other virtual hosts defined on this machine,
> >> > this should return a forbidden for any attempt to access the host at
> >> > port 80 through any method name but ok.yyy.zzz.com
> >> >
> >> > On Thu, Nov 29, 2018 at 11:18 AM Bill Tantzen <tantz001@umn.edu> wrote:
> >> >>
> >> >> Experts,
> >> >>
> >> >> My environment is RHEL7 and apache 2.4.6
> >> >>
> >> >> I am looking for the seemingly tricky combination of directives
> >> >> (Require, RequireAll, RequireAny...) that will allow me to deny access
> >> >> to an entire domain except for, say, one particular host.
> >> >>
> >> >> For instance, how do I deny access to
> >> >>    yyy.zzz.com
> >> >>  except for
> >> >>    ok.yyy.zzz.com
> >> >>
> >> >> Is this even possible?  I have tried every combination of
> >> >> authorization containers that I can think of, each of which so far is
> >> >> either too restrictive or too weak.
> >> >>
> >> >> Any ideas or suggestions for a good tutorial (believe me, I have searched)!!
> >> >> Thanks in advance!
> >> >> -- Bill
> >> >> --
> >> >> Human wheels spin round and round
> >> >> While the clock keeps the pace... -- John Mellencamp
> >> >> ________________________________________________________________
> >> >> Bill Tantzen    University of Minnesota Libraries
> >> >> 612-626-9949 (U of M)    612-325-1777 (cell)
> >> >>
> >> >> ---------------------------------------------------------------------
> >> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> >> For additional commands, e-mail: users-help@httpd.apache.org
> >> >>
> >> >
> >> >
> >> > --
> >> > Jonathon Koyle

-- 
Jonathon Koyle
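
The containers posted at the top of this message, run through a simplified Python model of the mod_authz_core container rules (an added example, not part of the original message and not Apache code). Client hostnames are taken as already resolved, the sample clients are constructed, and the `alternative` tree built on `Require all granted` is an assumption that does not appear in the thread.

```python
import ipaddress

GRANTED, DENIED, NEUTRAL = "granted", "denied", "neutral"

def host(*names):    # Require host: name equals, or ends in "." + a listed name
    return lambda c: GRANTED if any(
        c["host"] == n or c["host"].endswith("." + n) for n in names) else DENIED

def ip(cidr):        # Require ip: an IPv6 address is never inside an IPv4 range
    net = ipaddress.ip_network(cidr)
    return lambda c: GRANTED if ipaddress.ip_address(c["ip"]) in net else DENIED

def negate(check):   # Require not: a match denies, a non-match is only neutral
    return lambda c: DENIED if check(c) == GRANTED else NEUTRAL

def require_all(*kids):   # <RequireAll>: none may fail, at least one must succeed
    def check(c):
        r = [k(c) for k in kids]
        return DENIED if DENIED in r else (GRANTED if GRANTED in r else NEUTRAL)
    return check

def require_any(*kids):   # <RequireAny>, also the implicit top-level container
    def check(c):
        r = [k(c) for k in kids]
        return GRANTED if GRANTED in r else (DENIED if DENIED in r else NEUTRAL)
    return check

DOMAIN, OK = "usurf.usu.edu", "c01622.usurf.usu.edu"
posted = require_any(     # the reply's containers; "denied" modelled as a listed name
    require_all(host(DOMAIN, "denied"), host(OK)),
    require_all(negate(host(DOMAIN)), ip("0.0.0.0/1")),
    require_all(negate(host(DOMAIN)), ip("128.0.0.0/1")))
only_negated = require_all(negate(host(DOMAIN)))   # no positive directive at all
# Assumed alternative (not from the thread): "Require all granted" as the positive
alternative = require_any(
    host(OK), require_all(lambda c: GRANTED, negate(host(DOMAIN))))

CLIENTS = {               # constructed sample clients (documentation addresses)
    "exempt":     {"host": OK,                   "ip": "192.0.2.10"},
    "blocked":    {"host": "lab7." + DOMAIN,     "ip": "192.0.2.11"},
    "outside_v4": {"host": "client.example.org", "ip": "198.51.100.5"},
    "outside_v6": {"host": "client.example.org", "ip": "2001:db8::5"},
}

def verdicts(tree):       # anything but "granted" at the top level is refused
    return {name: tree(c) == GRANTED for name, c in CLIENTS.items()}

if __name__ == "__main__":
    for label, tree in (("posted", posted), ("alternative", alternative)):
        print(label, verdicts(tree))
```

In the model the posted rules refuse the IPv6 client from outside the domain, because both `Require ip` ranges are IPv4, and a `<RequireAll>` holding only a negated directive grants nobody.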
