Allowing one IP gives all access

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I am trying to allow only a few IP addresses access.  The strange thing is I
went home and noticed I had access from my home computer when I shouldn't
have.  I went back to work and tested things and found that a single IP
address that I was allowing caused everyone to be allowed.  I tested using a
proxy.  When I had that address allowed, the proxy had access when it
shouldn't.  When I didn't allow that IP, the proxy didn't have access but
neither did the other IPs I was explicitly allowing.  How could this be?

Here is my httpd-ssl.conf file below.  When I allow ccc.ccc.ccc.ccc, then
the proxy and everyone has access even if they shouldn't.  When I don't
allow ccc.ccc.ccc.ccc, then the proxy doesn't have access but also
bbb.bbb.bbb.bbb doesn't have access!

I have tested with IIS6 and it does not behave that way.  It behaves
properly and denies access to the proxy even with that "special" IP address
allowed.
----
<VirtualHost aaa.aaa.aaa.aaa:443>
	
	#   General setup for the virtual host
	DocumentRoot "F:/Apache_Software_Foundation/Apache2.2/htdocs"
	ServerName aaa.aaa.aaa.aaa:443
	ErrorLog logs/aaa.aaa.aaa.aaa-error.log
	CustomLog logs/aaa.aaa.aaa.aaa-access.log common
	#ErrorLog F:/Apache_Software_Foundation/Apache2.2/logs/error_log
	TransferLog F:/Apache_Software_Foundation/Apache2.2/logs/access_log

	#	Location directive allows for restricting access by IP to a location on
this host
	<Location /blah>
		Order deny,allow
		Deny from all
		Allow from aaa.aaa.aaa.aaa
		Allow from bbb.bbb.bbb.bbb
		Allow from ccc.ccc.ccc.ccc
	</Location>

</VirtualHost>



-- 
View this message in context: http://www.nabble.com/Allowing-one-IP-gives-all-access-tf4523340.html#a12904289
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux