httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bill Tantzen <tantz...@umn.edu>
Subject Re: [users@httpd] The Require Directives
Date Fri, 30 Nov 2018 15:51:44 GMT
Awesome, I will try it out -- I was seriously overthinking and
over-engineering this thing.  In the meantime, a little mod_rewrite
magic works too...
Thanks a million!
Bill
On Thu, Nov 29, 2018 at 4:41 PM Jonathon Koyle <litereader@gmail.com> wrote:
>
> You might try this, with some simple testing it seems to work...
> <RequireAll>
>         Require host usurf.usu.edu denied
>         Require host c01622.usurf.usu.edu
>     </RequireAll>
>
>     <RequireAll>
>         Require not host usurf.usu.edu
>         Require ip 0.0.0.0/1
>     </RequireAll>
>
>     <RequireAll>
>         Require not host usurf.usu.edu
>         Require ip 128.0.0.0/1
>     </RequireAll>
>
> On Thu, Nov 29, 2018 at 2:23 PM Bill Tantzen <tantz001@umn.edu> wrote:
>>
>> Sorry this is turning out to be so confusing!  What I'm hoping to do,
>> in pseudo-config would be something like this:
>>
>> Require not host bigdomain.com .     ## nobody from the entire domain gets in!
>> Require host buddy.bigdomain.com   ## except this single client
>> Require all granted                             ## and the rest of the world!
>>
>> I'm not sure this can even be done at the apache level, much less how to do it.
>> Thanks for looking!
>> Bill
>> On Thu, Nov 29, 2018 at 3:10 PM Jonathon Koyle <litereader@gmail.com> wrote:
>> >
>> > So, you want to restrict access to the host to a single machine on a specific
domain with a non-static IP, OR to any machine not on the domain?
>> >
>> > On Thu, Nov 29, 2018 at 12:34 PM Bill Tantzen <tantz001@umn.edu> wrote:
>> >>
>> >> No that's not exactly what I meant.  What I mean is something like
>> >> this -- although actually typing it seems like it can't possibly be
>> >> done:
>> >>
>> >> <RequireAny>
>> >>   Require not host xxx.com
>> >>   Require host ok.xxx.com
>> >> </ReqiureAny>
>> >>
>> >> I realize "not host" is not allowed here, but it maybe helps explain
>> >> what I want to do: Block an entire domain except for a single host.
>> >> --Bill
>> >> On Thu, Nov 29, 2018 at 1:24 PM Jonathon Koyle <litereader@gmail.com>
wrote:
>> >> >
>> >> > You want to only allow access to a server at a specific hostname, (that
is how I understand you question).   One way, that would work, is something like
>> >> >
>> >> > Listen 80
>> >> > <VirtualHost *:80>
>> >> >     # This is the default host for this port (assuming it is the first
declaration for a host on this port) all server names that do not match another will hit this
location
>> >> >    <Location />
>> >> >        Require all denied
>> >> >     </Location>
>> >> > </VirtualHost>
>> >> >
>> >> > <VirtualHost *:80>
>> >> >     ServerName ok.yyy.zzz.com
>> >> >     # Put the rest of the host configuration here
>> >> > </VirtualHost>
>> >> >
>> >> > Assuming there are no other virtual hosts defined on this machine,
this should return a forbidden for any attempt to access the host at port 80 through any method
name but ok.yyy.zzz.com
>> >> >
>> >> > On Thu, Nov 29, 2018 at 11:18 AM Bill Tantzen <tantz001@umn.edu>
wrote:
>> >> >>
>> >> >> Experts,
>> >> >>
>> >> >> My environment is RHEL7 and apache 2.4.6
>> >> >>
>> >> >> I am looking for the seemingly tricky combination of directives
>> >> >> (Require, RequireAll, RequireAny...) that will allow me to deny
access
>> >> >> to an entire domain except for, say, one particular host.
>> >> >>
>> >> >> For instance, how do deny access to
>> >> >>    yyy.zzz.com
>> >> >>  except for
>> >> >>    ok.yyy.zzz.com
>> >> >>
>> >> >> Is this even possible?  I have tried every combination of
>> >> >> authorization containers that I can think of, each of which so
far is
>> >> >> either too restrictive or too weak.
>> >> >>
>> >> >> Any ideas or suggestions for a good tutorial (believe me, I have
searched)!!
>> >> >> Thanks in advance!
>> >> >> -- Bill
>> >> >> --
>> >> >> Human wheels spin round and round
>> >> >> While the clock keeps the pace... -- John Mellencamp
>> >> >> ________________________________________________________________
>> >> >> Bill Tantzen    University of Minnesota Libraries
>> >> >> 612-626-9949 (U of M)    612-325-1777 (cell)
>> >> >>
>> >> >> ---------------------------------------------------------------------
>> >> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> >> >> For additional commands, e-mail: users-help@httpd.apache.org
>> >> >>
>> >> >
>> >> >
>> >> > --
>> >> > Jonathon Koyle
>> >>
>> >>
>> >>
>> >> --
>> >> Human wheels spin round and round
>> >> While the clock keeps the pace... -- John Mellencamp
>> >> ________________________________________________________________
>> >> Bill Tantzen    University of Minnesota Libraries
>> >> 612-626-9949 (U of M)    612-325-1777 (cell)
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> >> For additional commands, e-mail: users-help@httpd.apache.org
>> >>
>> >
>> >
>> > --
>> > Jonathon Koyle
>>
>>
>>
>> --
>> Human wheels spin round and round
>> While the clock keeps the pace... -- John Mellencamp
>> ________________________________________________________________
>> Bill Tantzen    University of Minnesota Libraries
>> 612-626-9949 (U of M)    612-325-1777 (cell)
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>
>
> --
> Jonathon Koyle



-- 
Human wheels spin round and round
While the clock keeps the pace... -- John Mellencamp
________________________________________________________________
Bill Tantzen    University of Minnesota Libraries
612-626-9949 (U of M)    612-325-1777 (cell)

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message