Apache 1.3.x - directory deny/allow config help

directory allow deny config

         

Outlander

6:08 am on Aug 8, 2007 (gmt 0)


I'm trying to configure Apache (1.3.x on Windows, yech) to allow local
IP ranges (10. etc.) and deny certain local machines (10.1.2.3 for
example) and to deny any other IPs (i.e., the internet).

I'm finding it hard to wrap my mind around how to do this easily in
the directives.

This is the current config snippet:

<Directory C:/data/appserver/myhost/web/admin/>
Order Deny,Allow
Deny from All
Allow from 10. 192.5. 192.168.
</Directory>

which denies all but "local" ranges for an admin panel.

But now I need to be more specific and exclude say 10.1.2.3 from
within a local range as well.

This throws a spanner in the works.

I had one crazy idea to do this:

Order Deny,Allow
Deny from 10.1.2.3 11. 12. 13......202. 203........ 255.
Allow from 10. 192.5. 192.168.

Deny "the whole internet" using all ranges EXCEPT 10. 192. but
there must be an easier way surely?

Let me know if anyone has any brainwaves on this one...

Thanks!

phranque

8:52 am on Aug 8, 2007 (gmt 0)


if you switch the Order, then Deny is the default state and you won't need the "Deny from All".

try this:

<Directory C:/data/appserver/myhost/web/admin/>
Order Allow,Deny
Allow from 10. 192.5. 192.168.
Deny from 10.1.2.3
</Directory>

the above translates to:
- if it's not in one of the 3 ip ranges it is denied; allowed if only this rule matches.
- if it's 10.1.2.3 it's denied (both rules match, so final match controls)
- everything else is denied (no rules match, so default)

remember the Allow's and Deny's are grouped in processing, so physical order in the list isn't so important.
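
The Order semantics discussed in this thread, as an added example that is not part of the original posts: a simplified Python model of Apache 1.3 mod_access evaluation, run over the original config, a constructed variant of it, and the switched-order config. It handles only `all` and full or partial dotted IP specs; the function names and client addresses are assumptions made for illustration.

```python
# Simplified model of Apache 1.3 mod_access (added example, not Apache code).
# Handles only "all" and full/partial dotted IPv4 specs such as "10." or "10.1.2.3".

def spec_matches(spec, ip):
    """True if an Allow/Deny spec covers the client IP."""
    if spec.lower() == "all":
        return True
    # Partial IPs match on whole octets: "10." covers 10.x.x.x but not 100.x.x.x.
    want = spec.rstrip(".").split(".")
    return ip.split(".")[:len(want)] == want

def is_allowed(order, allow, deny, ip):
    """Apply the Order rule to the grouped Allow and Deny lists."""
    allowed = any(spec_matches(s, ip) for s in allow)
    denied = any(spec_matches(s, ip) for s in deny)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":   # default deny; a matching Deny overrides Allow
        return allowed and not denied
    if order == "deny,allow":   # default allow; a matching Allow overrides Deny
        return allowed or not denied
    raise ValueError("unsupported Order: " + order)

LOCAL = ["10.", "192.5.", "192.168."]

# (order, allow, deny): the two configs from the thread plus one constructed
# variant showing that adding a Deny under Deny,Allow does not exclude the host.
CONFIGS = {
    "original":       ("Deny,Allow", LOCAL, ["all"]),
    "original+deny":  ("Deny,Allow", LOCAL, ["all", "10.1.2.3"]),
    "switched order": ("Allow,Deny", LOCAL, ["10.1.2.3"]),
}

# Constructed client addresses (203.0.113.9 is a documentation-range address).
CLIENTS = ["10.1.2.3", "10.1.2.4", "192.168.0.7", "100.1.2.3", "203.0.113.9"]

def decision_table():
    """Map config name -> {client ip: True if allowed}."""
    return {name: {ip: is_allowed(o, a, d, ip) for ip in CLIENTS}
            for name, (o, a, d) in CONFIGS.items()}

if __name__ == "__main__":
    for name, row in decision_table().items():
        cells = " ".join(f"{ip}={'allow' if ok else 'DENY'}" for ip, ok in row.items())
        print(name.ljust(15), cells)
```
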