Re: Access control with source IP addresses

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi MegaBrutal,

Thansk for your answer, the version of our installed apache httpd is 2.2.15-39.el6.centos.

We already did the access control on the PHP side, and we also want to do this on the apache httpd side to protect our website.


Bu Xiaobing

On 2014-12-1 21:20, MegaBrutal wrote:
2014-11-21 12:48 GMT+01:00 Rainer M. Canavan <rainer.canavan@xxxxxxxxxxxx>:
On Nov 21, 2014, at 08:48 , Bu Xiaobing <buxiaobing@xxxxxxxxxxxxx> wrote:

Hi All,

I want to do the httpd URL access control through visitors' IP addresses as the following :

all source IP address can visit  ^/action.php?login
and only specified IP addresses can visit ^/action.php?manage

Anyone can give me some advises?
You've probably noticed that the usual mechanisms like Directory, Location and
LocationMatch don't evaluate the query string. You'll probably have to
use a RewriteRule preceded by

RewriteCond %{QUERY_STRING} manage

or something similar, in combination with

<Location /action.php>
  Allow From IP.IP.IP.IP
</Location
It also worth to clarify the Apache version in question, as it's a
major change between 2.2 and 2.4 that Allow, Deny directives got
deprecated, and should be updated to Require. Some recent Linux
distros and FreeBSD already ship 2.4, so I think it's time to get
familiar with its features and caveats.

I know the question is how to solve access control in Apache, but in
this particular case I'd also consider to make the distinction at
PHP-level. Most PHP-based websites do that and don't rely on the web
server config to do proper access control.

Be prepared to also account for IPv6 addresses, if your web server
also serves over IPv6.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx





[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux