Re: Restrict Access to a set of IP in a specific URL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks everyone for getting back on this one,

If I have to do this in as per Jeff, which file should I be changing?
Each vhost can do this in a separate <Directory /myapp/my-test1/demo/> block but does not seem useful . I would keep this out of Tomcat, but thats just me.


I also read that, we can use in the Tomcat context.xml file...Has anyone tried this?
<Context antiJARLocking="true" path="/">
 <Valve className="org.apache.catalina.valves.RemoteIpValve" />
 <Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="{IP_address}" />
</Context>



On Sun, Jan 19, 2014 at 8:32 AM, John List <johnlist@xxxxxxxxxxxxxx> wrote:

On 01/18/2014 09:59 PM, John List wrote:
On 01/18/2014 06:45 PM, Jeff Dyke wrote:
Remember that IPs are easily spoofed.
Actually, since HTTP is based on a TCP connection, I don't know that you can say that IP addresses can be spoofed in the web context.



(IP addresses can be spoofed, but that's not a security problem in a web context since any response from the web server will be directed to the spoofed IP address, not the one that spoofed it.)

but we all do it, and the access restrictions are so much cleaner, as well as other things in apache2.4, so if you can i'd upgrade.  You're obviously building these as VHosts, so they can go int the virutual host container, but you want this page: http://httpd.apache.org/docs/2.2/howto/access.html and http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow

In Apache 2.2

Order allow, deny
Allow from 172.168.10

Each vhost can do this in a separate <Directory /myapp/my-test1/demo/> block but does not seem useful . I would keep this out of Tomcat, but thats just me. 

Again, if you have the ability upgrade to 2.4, disable mod_compatibility and use the require all syntax, it will take more work, but apache has come a long way sing 2.2.



On Sat, Jan 18, 2014 at 2:46 PM, Dev Raj <devaraj.takhellambam@xxxxxxxxx> wrote:
Hi,

I have Apache 2.2 installed on my Unix Server and have a couple of Application servers running each of them having similar Document Root.

For example,
The URLS will look like below

https://my-test1.com/demo/index.html
https://my-prod1.com/demo/index.html
https://my-qa1.com/demo/index.html

The directory(Tomcat) folder looks like
/myapp/my-test1/demo/index.html
/myapp/my-prod1/demo/index.html
/myapp/my-qa1/demo/index.html


I would like to restrict access to the above prod1 URL for a specific set of IP's. How can I achieve this. Please tell.


--
Regards,
Devaraj






--
Regards,
Devaraj

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux