RE: Re: MOD_PROXY and Access Control by IP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Thanks Andrew, I did see this as an example on a web post.   ...the argument was made that it's a PIA when you don't match class C subnets and have to use RegEx :-)

...I don't have class C inside, I boiled it down to Class C for the post example.

Thanks!

-----Original Message-----
From: Andrew Schulman [mailto:andrex@xxxxxxxxxxxxxxxxx]
Sent: Friday, November 19, 2010 2:18 PM
To: users@xxxxxxxxxxxxxxxx
Subject:  Re: MOD_PROXY and Access Control by IP

> I've been able to secure each proxy with this model:
> <Proxy http://*/App1/*>
>     Order Deny,Allow
>     #Permit IT
>     Allow from 10.1.0.0/24
>     #Permit Team1
>     Allow from 10.1.1.0/24
>     Deny from all
> </Proxy>
>
> Is there a way we can define access once for the IT Subnet (10.1.0.0/24) once instead of per App?

One way would be

SetEnvIf Remote_Host ^10\.1\.0\. allow_IT
<Proxy http://*/App1/*>
    Order Deny,Allow
    #Permit IT
    Allow from env=allow_IT
    #Permit Team1
    Allow from 10.1.1.0/24
    Deny from all
</Proxy>

With this method you still have to include an Allow from env=allow_IT
inside every <Proxy> stanza, but at least you only have to specify their IP
address in one place.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


CONFIDENTIALITY NOTICE
This e-mail message from Delphi Technology, Inc. is intended only for the individual or entity to which it is addressed. This e-mail may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you received this e-mail by accident, please notify the sender immediately and destroy this e-mail and all copies of it.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux