RE: Apache issue

From: Derick Anderson (dandersonvikus.com)
Date: Wed Jun 22 2005 - 10:24:23 CDT


The Apache documentation at
http://httpd.apache.org/docs-2.0/mod/mod_access.html#order will be
helpful to you. Essentially, you must order the Allow,Deny statement the
same way as your Allow from/Deny from statements. Example:

<Directory /foo/bar>
        Order Deny,Allow
        Deny from all
        Allow from 192.168.1.0/255.255.255.0
</Directory>

Derick Anderson
 

> -----Original Message-----
> From: anita.salernotalk21.com [mailto:anita.salernotalk21.com]
> Sent: Wednesday, June 22, 2005 3:44 AM
> To: focus-linuxsecurityfocus.com
> Subject: Apache issue
>
> Hello,
> I'm using Apache/2.0.52 on Fedora Core 3. I've copied the
> configuration file of the previous Apache version on a
> Redhat, as I do every time when upgrading to a new version of
> Apache (I configured only the new httpd.conf manually), and
> now the problem is that none of the security measures is
> working, I'm bypassing all of them (.htaccess and ip list
> specification).
>
> The mod_access module is enabled.
>
> In my httpd.conf, I have:
>
> AllowOverride All
>
> <Directory /www/html/directory/rzone>
> Order Allow,Deny
> Allow from 10.0.10.
> Deny from all
> </Directory>
>
>
>
> My .htaccess is:
> AuthType Basic
> AuthName Welcome
> AuthUserFile /www/html/directory/rzone/.htmdp
>
> <Limit GET POST>
> require valid-user
>
> Order Allow,Deny
> Allow from 10.0.10.
> Deny from all
> </Limit>
>
> When I was desperate, I've configured the access file as follows:
>
> Order Allow,Deny
> Deny from all
>
> and I still have access to the web site.
>
> Any idea?
>
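
The three rule sets in this thread, evaluated under the Order semantics described in the mod_access documentation linked in the reply. This is an added example, not part of the original messages and not Apache's code; the function names and the sample client addresses are assumptions made for illustration, and only the IPv4 forms used in the thread are handled.

```python
import ipaddress

def matches(spec, client_ip):
    """True if an Allow/Deny 'from' spec covers client_ip (IPv4 forms only)."""
    if spec.lower() == "all":
        return True
    if "/" not in spec:
        octets = spec.rstrip(".").split(".")
        if len(octets) < 4:  # partial address such as "10.0.10."
            return client_ip.split(".")[:len(octets)] == octets
    # Full address, network/netmask or CIDR.
    return ipaddress.ip_address(client_ip) in ipaddress.ip_network(spec, strict=False)

def access_allowed(order, allow, deny, client_ip):
    """Host-based decision for one request under 'Deny,Allow' or 'Allow,Deny'."""
    allowed = any(matches(s, client_ip) for s in allow)
    denied = any(matches(s, client_ip) for s in deny)
    order = order.replace(" ", "").lower()
    if order == "deny,allow":
        # Default allow: a Deny match blocks unless an Allow also matches.
        return allowed or not denied
    if order == "allow,deny":
        # Default deny: needs an Allow match and no Deny match.
        return allowed and not denied
    raise ValueError("unsupported Order: " + order)

# Rule sets copied from the thread; client addresses are constructed samples.
RULESETS = {
    "reply": ("Deny,Allow", ["192.168.1.0/255.255.255.0"], ["all"]),
    "httpd.conf": ("Allow,Deny", ["10.0.10."], ["all"]),
    "last attempt": ("Allow,Deny", [], ["all"]),
}
CLIENTS = ["192.168.1.20", "10.0.10.5", "203.0.113.9"]

def decision_table():
    """Map (rule set name, client address) to True (allow) or False (deny)."""
    return {(name, ip): access_allowed(order, allow, deny, ip)
            for name, (order, allow, deny) in RULESETS.items()
            for ip in CLIENTS}

if __name__ == "__main__":
    for (name, ip), ok in decision_table().items():
        print(f"{name:13} {ip:14} {'allow' if ok else 'deny'}")
```

Under these semantics only the rule set from the reply admits any client (the 192.168.1.0 network); both rule sets from the original message deny every client address, including 10.0.10.5.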