blocking ips

stasJohn

Programmer
May 6, 2004
155
US
Hi

I'm setting up an apache webserver which will be used as a development and staging server as well as host some internal applications.

I'd like to have the webserver locked down from all ip addresses except for the LAN computers in the office as well as some outside ips (such as the w3c validator).

How would I go about modifying my http.conf for this? Any strategies, links would be greatly appreciated.


 
revisit,

I have the following
Code:
<Directory />
  Options FollowSymLinks
  AllowOverride None
  Order dent,allow
  deny from all
  allow from [ip address]
</Directory>
The above is to block all access to my webserver from outside my LAN, which is working except for the following:

I have a virtual host
Code:
<VirtualHost 192.168.168.104>
  ServerName web.myweb.dynalias.com
  ProxyPass / http://127.0.0.1:2500
  ProxyPassReverse / http://127.0.0.1:2500
</VirtualHost>

The virtual host is used to access instiki (a ruby powered wiki) which runs on port 2500 from port 80.

It should be hidden from outside my LAN but is accessible. Am I missing some configuration? Thanks in advance.
 
sorry the typo is in the post, not in my httpd.conf
 
Hi

Look what I sucked, while I tried to reproduce your problem. There was another section for the same / directory later, which re-enables the access. Could it be possible that you have the same problem?

Anyway, it is a bit strange that the virtual host has no DocumentRoot setting.

Feherke.
 
There is a directory directive after, but I don't think it re-enables access. Here's my httpd.conf (slightly stripped);

Code:
Port 80
ServerName [ip address]
DocumentRoot "/www/internal"

<Directory />
  Options FollowSymLinks
  AllowOverride None
  Order deny,allow
  deny from all
  allow from [ip address]
</Directory>

<Directory "/www/internal/">
  Options Indexes FollowSymLinks MultiViews
  AllowOverride All
</Directory>

<Directory /home/*/public_html>
  AllowOverride FileInfo authConfig Limit
  Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
  <Limit GET POST OPTIONS PROPFIND>
    order deny,allow
    deny from all
    allow from [ip address]
  </Limit>
  <LimitExcept GET POST OPTIONS PROPFIND>
    order deny,allow
    deny from all
  </LimitExcept>
</Directory>

NameVirtualHost 192.168.1.104

<VirtualHost 192.168.1.104>
  DocumentRoot /www/internal
  Servername myweb.dynalias.com
</VirtualHost>

<VirtualHost 192.168.1.104>
  DocumentRoot /home/user1/public_html
  ServerName user1.myweb.dynalias.com
</VirtualHost>

<VirtualHost 192.168.1.104>
  ServerName web.myweb.dynalias.com
  ProxyPass / http://127.0.0.1:2500
  ProxyPassReverse / http://127.0.0.1:2500
</VirtualHost>

I added DocumentRoot to the last virtualHost but it didn't change anything.
 
Hi

Sorry, I give up. I think the simple way is :
Code:
Listen 2500
<VirtualHost web.myweb.dynalias.com:2500>
  ServerName web.myweb.dynalias.com
</VirtualHost>
By the way, who is listening on port 2500 ?

Feherke.
 
the above code rendered the service inaccessible.

By the way, who is listening on port 2500 ?
a wiki, which runs off of ruby is listening to port 2500.

Basically, I'm using mod_proxy and forwarding calls to 80 to the wiki running on port 2500.
 
hmmm, when I try to restart the server I get an error. Running configtest gives me;

Code:
Syntax error on line 1047 of /conf/httpd.conf: Invalid Command '<Proxy', perhaps mis-spelled or defined by a module not included in the server configuration

I looked through the conf and these items are present
Code:
LoadModule proxy_module   libexec/libproxy.so
AddModule mod_proxy.c
 
Hi

Pity. I have Apache/2.0.54, but no idea what module version. In my httpd.conf the NameVirtualHost's value is *. Try to specify the same IP, which you used for NameVirtualHost:
Code:
<Proxy 192.168.1.104>
...

Feherke.
 
I added the ip, but I still get the same error. It doesn't understand the Proxy directive. I'll have to browse around the apache help files to figure this out. Thanks for all the help though. Anyone else want to chime in. I'd totally appreciate it.
 
Hi

mod_proxy.html said:
Apache's proxy features are divided into several modules in addition to mod_proxy: mod_proxy_http, mod_proxy_ftp and mod_proxy_connect.
I have all of them loaded, but the proxy_http_module seems to be necessary. Do you have them?

Feherke.
 
the only thing that is loaded is "mod_proxy". I'm guessing I'm going to have to rebuild my apache.
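
Added example, not part of the thread and not any poster's configuration: a Directory / block only covers filesystem paths, while a request handled by ProxyPass is mapped internally to a proxy: URL and never matches it, so the proxied virtual host needs an access rule of its own. The sketch assumes Apache 1.3 with mod_access, which is consistent with the AddModule line and the rejected Proxy directive quoted above; the 192.168.1.0/24 range is a constructed stand-in for the office LAN.

```apache
# Before: filesystem-only restriction. Proxied requests are not covered,
# because their internal filename is "proxy:http://127.0.0.1:2500/..."
# rather than a path under "/".
<Directory />
  Order deny,allow
  Deny from all
  Allow from 192.168.1.0/24      # constructed LAN range (assumption)
</Directory>

# After, option 1 (Apache 1.3): a Directory section matched against
# proxy: URLs, which applies to everything passed through mod_proxy.
<Directory proxy:*>
  Order deny,allow
  Deny from all
  Allow from 192.168.1.0/24
</Directory>

# After, option 2 (Apache 1.3 and 2.0/2.2): restrict by URL path inside
# the proxying virtual host. Location is matched against the request URL,
# so it applies whether the content comes from disk or from the backend.
<VirtualHost 192.168.1.104>
  ServerName web.myweb.dynalias.com
  <Location />
    Order deny,allow
    Deny from all
    Allow from 192.168.1.0/24
  </Location>
  ProxyPass / http://127.0.0.1:2500/
  ProxyPassReverse / http://127.0.0.1:2500/
</VirtualHost>

# Apache 2.0/2.2 equivalent of option 1 (needs mod_proxy plus
# mod_proxy_http; the Proxy container does not exist in 1.3):
# <Proxy *>
#   Order deny,allow
#   Deny from all
#   Allow from 192.168.1.0/24
# </Proxy>
```

Either option is enough on its own. The backend on port 2500 also has to listen on 127.0.0.1 only, or have that port filtered, otherwise clients can reach the wiki directly and skip these rules.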
 