Awesome, I will try it out -- I was seriously overthinking and over-engineering this thing. In the meantime, a little mod_rewrite magic works too... Thanks a million! Bill On Thu, Nov 29, 2018 at 4:41 PM Jonathon Koyle <litereader@xxxxxxxxx> wrote: > > You might try this, with some simple testing it seems to work... > <RequireAll> > Require host usurf.usu.edu denied > Require host c01622.usurf.usu.edu > </RequireAll> > > <RequireAll> > Require not host usurf.usu.edu > Require ip 0.0.0.0/1 > </RequireAll> > > <RequireAll> > Require not host usurf.usu.edu > Require ip 128.0.0.0/1 > </RequireAll> > > On Thu, Nov 29, 2018 at 2:23 PM Bill Tantzen <tantz001@xxxxxxx> wrote: >> >> Sorry this is turning out to be so confusing! What I'm hoping to do, >> in pseudo-config would be something like this: >> >> Require not host bigdomain.com . ## nobody from the entire domain gets in! >> Require host buddy.bigdomain.com ## except this single client >> Require all granted ## and the rest of the world! >> >> I'm not sure this can even be done at the apache level, much less how to do it. >> Thanks for looking! >> Bill >> On Thu, Nov 29, 2018 at 3:10 PM Jonathon Koyle <litereader@xxxxxxxxx> wrote: >> > >> > So, you want to restrict access to the host to a single machine on a specific domain with a non-static IP, OR to any machine not on the domain? >> > >> > On Thu, Nov 29, 2018 at 12:34 PM Bill Tantzen <tantz001@xxxxxxx> wrote: >> >> >> >> No that's not exactly what I meant. What I mean is something like >> >> this -- although actually typing it seems like it can't possibly be >> >> done: >> >> >> >> <RequireAny> >> >> Require not host xxx.com >> >> Require host ok.xxx.com >> >> </ReqiureAny> >> >> >> >> I realize "not host" is not allowed here, but it maybe helps explain >> >> what I want to do: Block an entire domain except for a single host. >> >> --Bill >> >> On Thu, Nov 29, 2018 at 1:24 PM Jonathon Koyle <litereader@xxxxxxxxx> wrote: >> >> > >> >> > You want to only allow access to a server at a specific hostname, (that is how I understand you question). One way, that would work, is something like >> >> > >> >> > Listen 80 >> >> > <VirtualHost *:80> >> >> > # This is the default host for this port (assuming it is the first declaration for a host on this port) all server names that do not match another will hit this location >> >> > <Location /> >> >> > Require all denied >> >> > </Location> >> >> > </VirtualHost> >> >> > >> >> > <VirtualHost *:80> >> >> > ServerName ok.yyy.zzz.com >> >> > # Put the rest of the host configuration here >> >> > </VirtualHost> >> >> > >> >> > Assuming there are no other virtual hosts defined on this machine, this should return a forbidden for any attempt to access the host at port 80 through any method name but ok.yyy.zzz.com >> >> > >> >> > On Thu, Nov 29, 2018 at 11:18 AM Bill Tantzen <tantz001@xxxxxxx> wrote: >> >> >> >> >> >> Experts, >> >> >> >> >> >> My environment is RHEL7 and apache 2.4.6 >> >> >> >> >> >> I am looking for the seemingly tricky combination of directives >> >> >> (Require, RequireAll, RequireAny...) that will allow me to deny access >> >> >> to an entire domain except for, say, one particular host. >> >> >> >> >> >> For instance, how do deny access to >> >> >> yyy.zzz.com >> >> >> except for >> >> >> ok.yyy.zzz.com >> >> >> >> >> >> Is this even possible? I have tried every combination of >> >> >> authorization containers that I can think of, each of which so far is >> >> >> either too restrictive or too weak. >> >> >> >> >> >> Any ideas or suggestions for a good tutorial (believe me, I have searched)!! >> >> >> Thanks in advance! >> >> >> -- Bill >> >> >> -- >> >> >> Human wheels spin round and round >> >> >> While the clock keeps the pace... -- John Mellencamp >> >> >> ________________________________________________________________ >> >> >> Bill Tantzen University of Minnesota Libraries >> >> >> 612-626-9949 (U of M) 612-325-1777 (cell) >> >> >> >> >> >> --------------------------------------------------------------------- >> >> >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >> >> >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >> >> >> >> >> > >> >> > >> >> > -- >> >> > Jonathon Koyle >> >> >> >> >> >> >> >> -- >> >> Human wheels spin round and round >> >> While the clock keeps the pace... -- John Mellencamp >> >> ________________________________________________________________ >> >> Bill Tantzen University of Minnesota Libraries >> >> 612-626-9949 (U of M) 612-325-1777 (cell) >> >> >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >> >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >> >> >> > >> > >> > -- >> > Jonathon Koyle >> >> >> >> -- >> Human wheels spin round and round >> While the clock keeps the pace... -- John Mellencamp >> ________________________________________________________________ >> Bill Tantzen University of Minnesota Libraries >> 612-626-9949 (U of M) 612-325-1777 (cell) >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >> > > > -- > Jonathon Koyle -- Human wheels spin round and round While the clock keeps the pace... -- John Mellencamp ________________________________________________________________ Bill Tantzen University of Minnesota Libraries 612-626-9949 (U of M) 612-325-1777 (cell) --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|