> Eris Caffee <mailto:eris-redhat-list@xxxxxxxxxxx>
> on Sunday, August 21, 2005 8:21 AM said:
>
>> One other thing I would suggest would be that if you install cacti on
>> the new server you should edit your httpd.conf and restrict access to
>> it and its subdirectories to add another layer of protection.
>> Really, anything that isn't for the general public ought to be
>> restricted, of course.
>
> That's a good idea.
>
> Does this mean that if someone tries to reach www.domain.com/cacti that
> they will be denied access? Is it based on IP address or rights based?
> What about internal network users?

There are several ways to do it. You could use a .htaccess file in the
cacti directory and set up passwords, but a simpler way to restrict
access is to use the "Allow" directive in your httpd.conf file. Here's
an example:

    <Location /server-info>
        SetHandler server-info
        Order deny,allow
        Deny from all
        Allow from 192.168.0.1
    </Location>

This set of directives not only sets the url
http://sitename.com/server-info to provide information about the
server, but it also restricts access to that url. Only someone running
on a machine whose IP is 192.168.0.1 will be allowed access to the
server-info page.

Of course, since IP addresses might be spoofed, it is even safer to use
both this _and_ .htaccess passwords. The best security has many layers,
each one of which has to be pierced individually.

Eris Caffee

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
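
Added example, not part of the original post: one way to apply both layers the reply describes (an address allow-list and a password) to the cacti directory, so that a request must pass both. The install path, the password file location, the realm name and the 192.168.0.0/24 internal subnet are assumptions; substitute your own.

```apache
# Added example; paths, realm name and subnet below are assumed values.
#
# <Directory> is used instead of <Location> because cacti is a set of
# files on disk: several URLs can map to the same directory, and a
# <Location> rule only covers the one URL path it names.

# --- Apache 2.0 / 2.2 syntax (the style used in the post) ---
<Directory "/var/www/html/cacti">
    # Layer 1: only hosts on the internal network may connect
    Order deny,allow
    Deny from all
    Allow from 192.168.0.0/24

    # Layer 2: a valid username and password is also required.
    # Keep the password file outside the document root.
    AuthType Basic
    AuthName "Cacti"
    AuthUserFile /etc/httpd/conf/cacti.htpasswd
    Require valid-user

    # "All" = the client must pass BOTH layers.
    # "Satisfy Any" would let either one alone grant access.
    Satisfy All

    # Stop a .htaccess file inside the tree from loosening these rules
    AllowOverride None
</Directory>

# --- Apache 2.4 equivalent (use one block or the other, not both) ---
<Directory "/var/www/html/cacti">
    AuthType Basic
    AuthName "Cacti"
    AuthUserFile /etc/httpd/conf/cacti.htpasswd
    <RequireAll>
        Require ip 192.168.0.0/24
        Require valid-user
    </RequireAll>
    AllowOverride None
</Directory>
```

The password file is created with `htpasswd -c /etc/httpd/conf/cacti.htpasswd username`. Basic authentication sends the password only base64-encoded, so serve the directory over HTTPS if it is reachable from outside a trusted network.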