Apache help

[hereigns]

Running RH 7.2 kernel 2.4.7-10 with apache 1.3.20

I'm wanting to restrict access to Intranet site from Internet. I've added the following commands to the httpd.conf file, which works too well as it prompts for authorization even from internal hosts. Any ideas on how I can get the file to not prompt for internal clients?

deny from all
allow from 192.168
Options FollowSymLinks
AllowOverride AuthConfig
AuthName "Authorized users only"
AuthType Basic
AuthDBUserFile /etc/httpd/.dbmpasswd
require valid-user
Order allow,deny
Allow from all

 

[thedaver]

How about running a simple firewall instead? Just block all traffic to TCP port 80 from any source except your authorized network? Why make Apache work harder.

http://firewall-jay.sf.net/

Oh, by the way, you've got dozens of security holes in that version of Apache... consider upgrading.

http://www.surfinbox.com/hosting/

 

[hereigns]

thedaver,
I can't really run a firewall cause I want it be accessible from the Internet - just want it limited to those who know username + password.

I will upgrade apache asap - thanks for the tip!

 

[ericbrunson]

Your deny/allows are contradicting your last post.

 

[hereigns]

Okay...I also tried this which didn't help. It's as if it's not reading or recognizing the "allow from" section.

allow from 192.168
deny from all
Options FollowSymLinks
AllowOverride AuthConfig
AuthName "Authorized users only"
AuthType Basic
AuthDBUserFile /etc/httpd/.dbmpasswd
require valid-user
Order allow,deny