www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jonathan A. Marshall" <jam...@research.bell-labs.com>
Subject Re: general/5252:
Date Thu, 18 Nov 1999 17:10:01 GMT
The following reply was made to PR general/5252; it has been noted by GNATS.

From: "Jonathan A. Marshall" <jamars@research.bell-labs.com>
To: vsolve_apache@yahoo.com
Cc: apbugs@apache.org, apbugs@hyperreal.org
Subject: Re: general/5252:
Date: Thu, 18 Nov 1999 12:00:50 -0500

 Thanks again for your reply.  However, I think your answer is still not
 right.  The documentation on www.apache.org says that ProxyBlock lets
 you
 block requests TO the listed addresses, not FROM the listed addresses.
 I am looking for the correct way to block requests FROM certain IP
 addresses.
 
 I appreciate your taking the time to investigate this problem.  I've
 reproduced the problem with a different build of Apache too:
 Apache 1.3.6 with mod_perl (without mod_proxy, etc.).  So I
 think that it's really a core Apache problem.  Can you try to
 reproduce the problem?
 
 Are there other people in the Apache bug-fix community who
 should be involved in this problem?
 
 --Jonathan
 
 
 On Wed, 17 Nov 1999, vsolve apache wrote:
 
 > Hi,
 > To deny proxy requests from any IP addresses you can
 > use ProxyBlock directive.
 >
 > ie., in httpd.conf file
 >
 > <IfModule mod_proxy.c>
 > ProxyRequests on
 > ProxyBlock 172.16.1.110 172.16.1.190
 > ........
 > ........
 > </IfModule>
 >
 > where 172.16.1.110 and 172.16.1.190 are the IP
 > addresses that are denied for proxy requests.
 >
 > regards,
 > vsolve_apache
 >
 > >From: "Jonathan A. Marshall"
 > <jamars@research.bell-labs.com>
 > >To: vsolve_apache@yahoo.com, apbugs@apache.org,
 > apbugs@hyperreal.org
 > >Cc:  Subject: Re: general/5252:
 > >Date: Wed, 10 Nov 1999 10:23:07 -0500
 >
 >  Thanks for your reply.  However, "ProxyRequests On"
 > is already
 >  uncommented
 >  in my httpd.conf file, and the apache is successfully
 > proxying requests.
 >
 >  The only problem here is that I can't get it to deny
 > requests from any
 >  IP
 >  addresses.
 >
 >  Do you have any ideas for how I can further diagnose
 > or fix the problem?
 >
 >  Thanks,
 >  --Jonathan
 >
 >
 >  On Wed, 10 Nov 1999, vsolve apache wrote:
 >  > Hi,
 >  > We suggest the following changes in the httpd.conf
 >  > file for
 >  > "deny from all" inside a <Directory: proxy:*> to
 > work.
 >  > Uncomment the "ProxyRequests on" line in httpd.conf
 >  > file.setting the ProxyRequests directive to on
 > allows
 >  > Apache to function as a proxy server.
 >  > ie., in httpd.conf file
 >  > <IfModule mod_proxy.c>
 >  > ProxyRequests on
 >  > <Directory proxy:*>
 >  > order allow,deny
 >  > deny from all
 >  > </Directory>
 >  > ........
 >  > </IfModule>
 >  > # End of proxy directives.
 >  > regards,
 >  > vsolve_apache.
 >
 >  > >Subject: general/5252: Directory proxy:* deny
 > doesn't work
 >  > >Date: 4 Nov 1999 17:19:51 -0000
 >  > >From:  Jonathan Marshall
 > <jamars@research.bell-labs.com>
 >  > >To: apbugs@hyperreal.org
 >  >
 >  > >Number:         5252
 >  > >Category:       general
 >  > >Synopsis:       Directory proxy:* deny doesn't
 > work
 >  > >Confidential:   no
 >  > >Severity:       serious
 >  > >Priority:       medium
 >  > >Responsible:    apache
 >  > >State:          open
 >  > >Class:          sw-bug
 >  > >Submitter-Id:   apache
 >  > >Arrival-Date:   Thu Nov  4 09:20:01 PST 1999
 >  > >Last-Modified:
 >  > >Originator:     jamars@research.bell-labs.com
 >  > >Organization:  apache
 >  > >Release:        1.3.6
 >  > >Environment:
 >  > Linux 2.2.10, RedHat 6.0
 >  > gcc version egcs-2.91.66 19990314/Linux (egcs-1.1.2
 >  > release).
 >  > mod_proxy, with a custom patch
 >  > >Description:
 >  > I want to deny proxy requests coming from a
 > specific
 >  > IP address.  I have the following in my config:
 >  >   <Directory proxy:*>
 >  >   order allow,deny
 >  >   deny from 123.45.6.78
 >  >   </Directory>
 >  > where 123.45.6.78 is a test IP address that I want
 > to
 >  > deny.
 >  > Yet all requests from that IP address succeed.  It
 >  > leaves that IP address in the logs too.
 >  > When I use "deny from all", it still lets the
 > requests
 >  > through!
 >  > I've looked through the bug reports and found a
 > couple
 >  > of mentions
 >  > of similar problems, but no solutions that worked
 > for
 >  > me.  I've
 >  > tried variations, such as Files, DirectoryMatch,
 >  > Location, and LocationMatch, all to no avail.
 >  > >How-To-Repeat:
 >  > mod_proxy, with "deny from all" inside a
 > <Directory:
 >  > proxy:*>
 >  > >Fix:
 >  > No...
 
 

Mime
View raw message