Re: The Require Directives

You might try this, with some simple testing it seems to work...
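    # The one permitted host inside the domain
    <RequireAll>
        Require host usurf.usu.edu
        Require host c01622.usurf.usu.edu
    </RequireAll>

    # Clients outside the domain, lower half of the IPv4 address space
    <RequireAll>
        Require not host usurf.usu.edu
        Require ip 0.0.0.0/1
    </RequireAll>

    # Clients outside the domain, upper half of the IPv4 address space
    <RequireAll>
        Require not host usurf.usu.edu
        Require ip 128.0.0.0/1
    </RequireAll>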

On Thu, Nov 29, 2018 at 2:23 PM Bill Tantzen <tantz001@xxxxxxx> wrote:
Sorry this is turning out to be so confusing!  What I'm hoping to do,
in pseudo-config would be something like this:

Require not host bigdomain.com     ## nobody from the entire domain gets in!
Require host buddy.bigdomain.com   ## except this single client
Require all granted                ## and the rest of the world!

I'm not sure this can even be done at the apache level, much less how to do it.
Thanks for looking!
Bill
On Thu, Nov 29, 2018 at 3:10 PM Jonathon Koyle <litereader@xxxxxxxxx> wrote:
>
> So, you want to restrict access to the host to a single machine on a specific domain with a non-static IP, OR to any machine not on the domain?
>
> On Thu, Nov 29, 2018 at 12:34 PM Bill Tantzen <tantz001@xxxxxxx> wrote:
>>
>> No that's not exactly what I meant.  What I mean is something like
>> this -- although actually typing it seems like it can't possibly be
>> done:
>>
>> <RequireAny>
>>   Require not host xxx.com
>>   Require host ok.xxx.com
>> </RequireAny>
>>
>> I realize "not host" is not allowed here, but it maybe helps explain
>> what I want to do: Block an entire domain except for a single host.
>> --Bill
>> On Thu, Nov 29, 2018 at 1:24 PM Jonathon Koyle <litereader@xxxxxxxxx> wrote:
>> >
>> > You want to only allow access to a server at a specific hostname (that is how I understand your question). One way that would work is something like
>> >
>> > Listen 80
>> > <VirtualHost *:80>
>> >     # This is the default host for this port (assuming it is the first declaration for a host on this port); all server names that do not match another will hit this location
>> >     <Location />
>> >         Require all denied
>> >     </Location>
>> > </VirtualHost>
>> >
>> > <VirtualHost *:80>
>> >     ServerName ok.yyy.zzz.com
>> >     # Put the rest of the host configuration here
>> > </VirtualHost>
>> >
>> > Assuming there are no other virtual hosts defined on this machine, this should return a forbidden for any attempt to access the host at port 80 through any method name but ok.yyy.zzz.com
>> >
>> > On Thu, Nov 29, 2018 at 11:18 AM Bill Tantzen <tantz001@xxxxxxx> wrote:
>> >>
>> >> Experts,
>> >>
>> >> My environment is RHEL7 and apache 2.4.6
>> >>
>> >> I am looking for the seemingly tricky combination of directives
>> >> (Require, RequireAll, RequireAny...) that will allow me to deny access
>> >> to an entire domain except for, say, one particular host.
>> >>
>> >> For instance, how do I deny access to
>> >>    yyy.zzz.com
>> >>  except for
>> >>    ok.yyy.zzz.com
>> >>
>> >> Is this even possible?  I have tried every combination of
>> >> authorization containers that I can think of, each of which so far is
>> >> either too restrictive or too weak.
>> >>
>> >> Any ideas or suggestions for a good tutorial (believe me, I have searched)!!
>> >> Thanks in advance!
>> >> -- Bill
>> >> --
>> >> Human wheels spin round and round
>> >> While the clock keeps the pace... -- John Mellencamp
>> >> ________________________________________________________________
>> >> Bill Tantzen    University of Minnesota Libraries
>> >> 612-626-9949 (U of M)    612-325-1777 (cell)
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>> >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>> >>
>> >
>> >
>> > --
>> > Jonathon Koyle
>>
>>
>>
>> --
>> Human wheels spin round and round
>> While the clock keeps the pace... -- John Mellencamp
>> ________________________________________________________________
>> Bill Tantzen    University of Minnesota Libraries
>> 612-626-9949 (U of M)    612-325-1777 (cell)
>>
>>
>
>
> --
> Jonathon Koyle



--
Human wheels spin round and round
While the clock keeps the pace... -- John Mellencamp
________________________________________________________________
Bill Tantzen    University of Minnesota Libraries
612-626-9949 (U of M)    612-325-1777 (cell)




--
Jonathon Koyle
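
Added example (not part of the original thread and not code from any poster): a simplified Python model of how Apache 2.4 combines granted, denied and neutral results, applied to the three sibling RequireAll blocks from the top reply. It goes one step beyond the thread by also evaluating a variant that uses "Require all granted" as the positive member. The function names, the tuple encoding of the rules and every client address and hostname used with it are constructed for illustration.

```python
# Simplified model of Apache 2.4 authorization results (added example, not from the thread).
# Assumption: the client's hostname is already known (Apache obtains it from a
# double-reverse DNS lookup); None means the lookup produced no name.
import ipaddress

GRANTED, DENIED, NEUTRAL = "granted", "denied", "neutral"

def host_match(name, suffix):
    # "Require host" matches the name itself or any name ending in ".suffix".
    return name is not None and (name == suffix or name.endswith("." + suffix))

def evaluate(rule, ip, name):
    kind, arg = rule
    if kind in ("all", "any"):                  # <RequireAll> / <RequireAny>
        results = [evaluate(r, ip, name) for r in arg]
        if kind == "all":                       # any failure fails the container
            if DENIED in results:
                return DENIED
            return GRANTED if GRANTED in results else NEUTRAL
        if GRANTED in results:                  # one success is enough for "any"
            return GRANTED
        return DENIED if DENIED in results else NEUTRAL
    if kind == "not":                           # negation can only fail or stay neutral
        return DENIED if evaluate(arg, ip, name) == GRANTED else NEUTRAL
    if kind == "host":
        return GRANTED if host_match(name, arg) else DENIED
    if kind == "ip":
        return GRANTED if ipaddress.ip_address(ip) in ipaddress.ip_network(arg) else DENIED
    if kind == "granted":                       # Require all granted
        return GRANTED
    raise ValueError(kind)

def allowed(policy, ip, name):
    return evaluate(policy, ip, name) == GRANTED   # neutral at the top level is a denial

DOMAIN, BUDDY = "usurf.usu.edu", "c01622.usurf.usu.edu"
OUTSIDE = ("not", ("host", DOMAIN))
# The thread's three sibling <RequireAll> blocks; siblings combine as an implicit RequireAny.
THREAD_POLICY = ("any", [
    ("all", [("host", DOMAIN), ("host", BUDDY)]),
    ("all", [OUTSIDE, ("ip", "0.0.0.0/1")]),
    ("all", [OUTSIDE, ("ip", "128.0.0.0/1")]),
])
# Variant (assumption, not from the thread): "Require all granted" replaces the two /1 ranges.
GRANTED_POLICY = ("any", [
    ("host", BUDDY),
    ("all", [("granted", None), OUTSIDE]),
])
```

In this model a client outside the domain that connects from a native IPv6 address is refused by the thread's policy, because neither IPv4 /1 range contains its address, while the variant admits it. A client whose reverse lookup yields no name counts as outside the domain under both policies.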
