From users-return-118234-archive-asf-public=cust-asf.ponee.io@httpd.apache.org  Thu Nov 29 22:10:12 2018
Return-Path: <users-return-118234-archive-asf-public=cust-asf.ponee.io@httpd.apache.org>
X-Original-To: archive-asf-public@cust-asf.ponee.io
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by mx-eu-01.ponee.io (Postfix) with SMTP id F413318066C
	for <archive-asf-public@cust-asf.ponee.io>; Thu, 29 Nov 2018 22:10:11 +0100 (CET)
Received: (qmail 61960 invoked by uid 500); 29 Nov 2018 21:10:10 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
List-Post: <mailto:users@httpd.apache.org>
List-Id: <users.httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 61933 invoked by uid 99); 29 Nov 2018 21:10:10 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 29 Nov 2018 21:10:10 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 14C8DC21FC
	for <users@httpd.apache.org>; Thu, 29 Nov 2018 21:10:10 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 1.798
X-Spam-Level: *
X-Spam-Status: No, score=1.798 tagged_above=-999 required=6.31
	tests=[DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
	DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=2,
	RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=disabled
Authentication-Results: spamd4-us-west.apache.org (amavisd-new);
	dkim=pass (2048-bit key) header.d=gmail.com
Received: from mx1-lw-eu.apache.org ([10.40.0.8])
	by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024)
	with ESMTP id 0G4Ybgvuc8Q1 for <users@httpd.apache.org>;
	Thu, 29 Nov 2018 21:10:08 +0000 (UTC)
Received: from mail-vs1-f50.google.com (mail-vs1-f50.google.com [209.85.217.50])
	by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id DEBE35F622
	for <users@httpd.apache.org>; Thu, 29 Nov 2018 21:10:07 +0000 (UTC)
Received: by mail-vs1-f50.google.com with SMTP id v205so2066489vsc.3
        for <users@httpd.apache.org>; Thu, 29 Nov 2018 13:10:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
        bh=FjnkxOPJ5leA3UI69XyRhm4pErAFz+Wl2cEu3SB62Gc=;
        b=JNmXXSdzPL3Caq2BueiTwMZFEEtaJMt5c7hKhzGSYU8jS57H+40zz/eyn0a3WNm58r
         hWcpdWSTnkyduyB1TwncrPfOUD/vmpPVoQiYjOUfujlcYoJQFKc80cL+3qyTOt7eigIb
         +3phP8Fmmr90sTd72xQgzXajyD2GGJdbsShb6yW35k4FKewQ4SIVSTDSEcQfq4zUF8id
         VbX1dMy7WYJ/dTBBIdBzY9wA/op4Gej23LmrJnEeKX2osUcZ8uYcFDE94oM7Sh1SF8tv
         3LW0CNd3mIsvRG6x6BDRGXcV1z61j+uQmPAuu0KL6vXZEX0tM2+wrbOLm9fj3q+j2mr3
         IHCw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to;
        bh=FjnkxOPJ5leA3UI69XyRhm4pErAFz+Wl2cEu3SB62Gc=;
        b=dKgPnPlaTWm8SVRg3sGO/nBfkbe5xfoixkHj7pV14xiPD7+9YvgSTaICzuLD2tPbiU
         mKGTmCft/aLUcOGcUe5LlQzT+qRjhiQR1wjIWo7K8xIbihEcWJAqB9766T8jU3LeVDGj
         UkClYBfqv/+h2+1Mi85a2FsLsvb2/QUs5xmhGGWqT7o7im6sv4nJOfInO6CvfZlEz6cW
         23eNUY2p0dAXUzlzJXKD16M0ivO7MfRnnC8pTXLr484/FSAGX3qRLI46QEUU463G+TA+
         Dp8LcS7nVfDFrT90PVSObSqOpfl2AwjM6yjDlzNjgaNuj0V4RSshQRlgyCQiccoDXZqY
         idMg==
X-Gm-Message-State: AA+aEWbb+ggq10V8NgzjMc8CPPA37GGg5MVFjou9eorFQdrC5+oHAJZo
	yp3Ujq1VIH9Iv9CtpndDk0dMo8Yx+dBbWHDAEkmamA==
X-Google-Smtp-Source: AFSGD/UgblRhcV8FR5otqeJVruJ7DLumpIMKbAF+ibYQtTmHRXInAeXDRui7DBoHZReHJHm/aId5sdiM6ARp8yLNIQA=
X-Received: by 2002:a67:e983:: with SMTP id b3mr1373006vso.231.1543525806055;
 Thu, 29 Nov 2018 13:10:06 -0800 (PST)
MIME-Version: 1.0
References: <CADgrb7Gtc5YJMcc27nhSZ-arAjUSW9auWTb9gEbUCTmULAtMnQ@mail.gmail.com>
 <CABzyFE9aMx-NkMQN8msVudH+nTF9h-k_iPkqMBrWJPZTjdnnhg@mail.gmail.com> <CADgrb7Gths0FUyOByt6fafkHdMCEFXRus5SK4o2gsoO7etVVjA@mail.gmail.com>
In-Reply-To: <CADgrb7Gths0FUyOByt6fafkHdMCEFXRus5SK4o2gsoO7etVVjA@mail.gmail.com>
From: Jonathon Koyle <litereader@gmail.com>
Date: Thu, 29 Nov 2018 14:09:53 -0700
Message-ID: <CABzyFE9-NKOBiQMMyrt8wwF+zuK=fez8qSA-Hyc_3w4UQoz75g@mail.gmail.com>
To: users@httpd.apache.org
Content-Type: multipart/alternative; boundary="0000000000005f2675057bd41bde"
Subject: Re: [users@httpd] The Require Directives

--0000000000005f2675057bd41bde
Content-Type: text/plain; charset="UTF-8"

So, you want to restrict access to the host to a single machine on a
specific domain with a non-static IP, OR to any machine not on the domain?

On Thu, Nov 29, 2018 at 12:34 PM Bill Tantzen <tantz001@umn.edu> wrote:

> No that's not exactly what I meant.  What I mean is something like
> this -- although actually typing it seems like it can't possibly be
> done:
>
> <RequireAny>
>   Require not host xxx.com
>   Require host ok.xxx.com
> </ReqiureAny>
>
> I realize "not host" is not allowed here, but it maybe helps explain
> what I want to do: Block an entire domain except for a single host.
> --Bill
> On Thu, Nov 29, 2018 at 1:24 PM Jonathon Koyle <litereader@gmail.com>
> wrote:
> >
> > You want to only allow access to a server at a specific hostname, (that
> is how I understand you question).   One way, that would work, is something
> like
> >
> > Listen 80
> > <VirtualHost *:80>
> >     # This is the default host for this port (assuming it is the first
> declaration for a host on this port) all server names that do not match
> another will hit this location
> >    <Location />
> >        Require all denied
> >     </Location>
> > </VirtualHost>
> >
> > <VirtualHost *:80>
> >     ServerName ok.yyy.zzz.com
> >     # Put the rest of the host configuration here
> > </VirtualHost>
> >
> > Assuming there are no other virtual hosts defined on this machine, this
> should return a forbidden for any attempt to access the host at port 80
> through any method name but ok.yyy.zzz.com
> >
> > On Thu, Nov 29, 2018 at 11:18 AM Bill Tantzen <tantz001@umn.edu> wrote:
> >>
> >> Experts,
> >>
> >> My environment is RHEL7 and apache 2.4.6
> >>
> >> I am looking for the seemingly tricky combination of directives
> >> (Require, RequireAll, RequireAny...) that will allow me to deny access
> >> to an entire domain except for, say, one particular host.
> >>
> >> For instance, how do deny access to
> >>    yyy.zzz.com
> >>  except for
> >>    ok.yyy.zzz.com
> >>
> >> Is this even possible?  I have tried every combination of
> >> authorization containers that I can think of, each of which so far is
> >> either too restrictive or too weak.
> >>
> >> Any ideas or suggestions for a good tutorial (believe me, I have
> searched)!!
> >> Thanks in advance!
> >> -- Bill
> >> --
> >> Human wheels spin round and round
> >> While the clock keeps the pace... -- John Mellencamp
> >> ________________________________________________________________
> >> Bill Tantzen    University of Minnesota Libraries
> >> 612-626-9949 (U of M)    612-325-1777 (cell)
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> For additional commands, e-mail: users-help@httpd.apache.org
> >>
> >
> >
> > --
> > Jonathon Koyle
>
>
>
> --
> Human wheels spin round and round
> While the clock keeps the pace... -- John Mellencamp
> ________________________________________________________________
> Bill Tantzen    University of Minnesota Libraries
> 612-626-9949 (U of M)    612-325-1777 (cell)
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

-- 
Jonathon Koyle

--0000000000005f2675057bd41bde
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">So, you want to restrict access to the host to a single ma=
chine on a specific domain with a non-static IP, OR to any machine not on t=
he domain?<br></div><br><div class=3D"gmail_quote"><div dir=3D"ltr">On Thu,=
 Nov 29, 2018 at 12:34 PM Bill Tantzen &lt;<a href=3D"mailto:tantz001@umn.e=
du">tantz001@umn.edu</a>&gt; wrote:<br></div><blockquote class=3D"gmail_quo=
te" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"=
>No that&#39;s not exactly what I meant.=C2=A0 What I mean is something lik=
e<br>
this -- although actually typing it seems like it can&#39;t possibly be<br>
done:<br>
<br>
&lt;RequireAny&gt;<br>
=C2=A0 Require not host <a href=3D"http://xxx.com" rel=3D"noreferrer" targe=
t=3D"_blank">xxx.com</a><br>
=C2=A0 Require host <a href=3D"http://ok.xxx.com" rel=3D"noreferrer" target=
=3D"_blank">ok.xxx.com</a><br>
&lt;/ReqiureAny&gt;<br>
<br>
I realize &quot;not host&quot; is not allowed here, but it maybe helps expl=
ain<br>
what I want to do: Block an entire domain except for a single host.<br>
--Bill<br>
On Thu, Nov 29, 2018 at 1:24 PM Jonathon Koyle &lt;<a href=3D"mailto:litere=
ader@gmail.com" target=3D"_blank">litereader@gmail.com</a>&gt; wrote:<br>
&gt;<br>
&gt; You want to only allow access to a server at a specific hostname, (tha=
t is how I understand you question).=C2=A0 =C2=A0One way, that would work, =
is something like<br>
&gt;<br>
&gt; Listen 80<br>
&gt; &lt;VirtualHost *:80&gt;<br>
&gt;=C2=A0 =C2=A0 =C2=A0# This is the default host for this port (assuming =
it is the first declaration for a host on this port) all server names that =
do not match another will hit this location<br>
&gt;=C2=A0 =C2=A0 &lt;Location /&gt;<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 Require all denied<br>
&gt;=C2=A0 =C2=A0 =C2=A0&lt;/Location&gt;<br>
&gt; &lt;/VirtualHost&gt;<br>
&gt;<br>
&gt; &lt;VirtualHost *:80&gt;<br>
&gt;=C2=A0 =C2=A0 =C2=A0ServerName <a href=3D"http://ok.yyy.zzz.com" rel=3D=
"noreferrer" target=3D"_blank">ok.yyy.zzz.com</a><br>
&gt;=C2=A0 =C2=A0 =C2=A0# Put the rest of the host configuration here<br>
&gt; &lt;/VirtualHost&gt;<br>
&gt;<br>
&gt; Assuming there are no other virtual hosts defined on this machine, thi=
s should return a forbidden for any attempt to access the host at port 80 t=
hrough any method name but <a href=3D"http://ok.yyy.zzz.com" rel=3D"norefer=
rer" target=3D"_blank">ok.yyy.zzz.com</a><br>
&gt;<br>
&gt; On Thu, Nov 29, 2018 at 11:18 AM Bill Tantzen &lt;<a href=3D"mailto:ta=
ntz001@umn.edu" target=3D"_blank">tantz001@umn.edu</a>&gt; wrote:<br>
&gt;&gt;<br>
&gt;&gt; Experts,<br>
&gt;&gt;<br>
&gt;&gt; My environment is RHEL7 and apache 2.4.6<br>
&gt;&gt;<br>
&gt;&gt; I am looking for the seemingly tricky combination of directives<br=
>
&gt;&gt; (Require, RequireAll, RequireAny...) that will allow me to deny ac=
cess<br>
&gt;&gt; to an entire domain except for, say, one particular host.<br>
&gt;&gt;<br>
&gt;&gt; For instance, how do deny access to<br>
&gt;&gt;=C2=A0 =C2=A0 <a href=3D"http://yyy.zzz.com" rel=3D"noreferrer" tar=
get=3D"_blank">yyy.zzz.com</a><br>
&gt;&gt;=C2=A0 except for<br>
&gt;&gt;=C2=A0 =C2=A0 <a href=3D"http://ok.yyy.zzz.com" rel=3D"noreferrer" =
target=3D"_blank">ok.yyy.zzz.com</a><br>
&gt;&gt;<br>
&gt;&gt; Is this even possible?=C2=A0 I have tried every combination of<br>
&gt;&gt; authorization containers that I can think of, each of which so far=
 is<br>
&gt;&gt; either too restrictive or too weak.<br>
&gt;&gt;<br>
&gt;&gt; Any ideas or suggestions for a good tutorial (believe me, I have s=
earched)!!<br>
&gt;&gt; Thanks in advance!<br>
&gt;&gt; -- Bill<br>
&gt;&gt; --<br>
&gt;&gt; Human wheels spin round and round<br>
&gt;&gt; While the clock keeps the pace... -- John Mellencamp<br>
&gt;&gt; ________________________________________________________________<b=
r>
&gt;&gt; Bill Tantzen=C2=A0 =C2=A0 University of Minnesota Libraries<br>
&gt;&gt; 612-626-9949 (U of M)=C2=A0 =C2=A0 612-325-1777 (cell)<br>
&gt;&gt;<br>
&gt;&gt; ------------------------------------------------------------------=
---<br>
&gt;&gt; To unsubscribe, e-mail: <a href=3D"mailto:users-unsubscribe@httpd.=
apache.org" target=3D"_blank">users-unsubscribe@httpd.apache.org</a><br>
&gt;&gt; For additional commands, e-mail: <a href=3D"mailto:users-help@http=
d.apache.org" target=3D"_blank">users-help@httpd.apache.org</a><br>
&gt;&gt;<br>
&gt;<br>
&gt;<br>
&gt; --<br>
&gt; Jonathon Koyle<br>
<br>
<br>
<br>
-- <br>
Human wheels spin round and round<br>
While the clock keeps the pace... -- John Mellencamp<br>
________________________________________________________________<br>
Bill Tantzen=C2=A0 =C2=A0 University of Minnesota Libraries<br>
612-626-9949 (U of M)=C2=A0 =C2=A0 612-325-1777 (cell)<br>
<br>
---------------------------------------------------------------------<br>
To unsubscribe, e-mail: <a href=3D"mailto:users-unsubscribe@httpd.apache.or=
g" target=3D"_blank">users-unsubscribe@httpd.apache.org</a><br>
For additional commands, e-mail: <a href=3D"mailto:users-help@httpd.apache.=
org" target=3D"_blank">users-help@httpd.apache.org</a><br>
<br>
</blockquote></div><br clear=3D"all"><br>-- <br><div dir=3D"ltr" class=3D"g=
mail_signature" data-smartmail=3D"gmail_signature">Jonathon Koyle</div>

--0000000000005f2675057bd41bde--