[PLUG] Apache access control question
Evan Heidtmann
clydefrog at adnap.no-ip.com
Thu Jun 10 08:30:02 UTC 2004
On Wed, 2004-06-09 at 23:50, Galen Seitz wrote:
> I'm confused about access control under Apache (2.0). What determines the
> default access control? For example, if I have an entry in httpd.conf
> like the following, what sets the access control for /var/www/icons?
>
> Alias /icons/ "/var/www/icons/"
>
> <Directory "/var/www/icons">
> Options Indexes MultiViews
> AllowOverride None
> </Directory>
You have no auth or access control directives here, so /var/www/icons
will inherit the directives from higher-level directories. If you don't
have any such directives in your httpd.conf at all, then AFAIK the
defaults are to allow access from anywhere.
> Ultimately what I would like to do is allow access to all of my web stuff
> from 127.0.0.1 and 192.168.1.0/24 via http, and allow access to
> selected directories from anywhere via https with basic auth. I've
> seen examples of this, but they would be easier to follow if I understood
> how access control picks up its defaults, as well as whether there
> is any scoping or inheritance of permissions. Note that I'm not
> planning to use htaccess files.
This document is probably what you want:
http://httpd.apache.org/docs-2.0/howto/auth.html
Off the top of my head, something like this would do what you want:
<VirtualHost *:80>
    DocumentRoot /var/www/docroot
    <Location />
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1 192.168.1.0/24
        # You can replace this stuff with iptables rules like these:
        # iptables -I INPUT -s 127.0.0.1 -j ACCEPT
        # iptables -I INPUT -p tcp --dport 80 -s ! 192.168.1.0/24 -j DROP
        # This will be more secure.
    </Location>
</VirtualHost>

# for https
<VirtualHost *:443>
    DocumentRoot /var/www/public
    # Set up aliases here for other directories
    <Location />
        # Put AuthType and Require directives here
    </Location>
</VirtualHost>
Hope this works (I'm accustomed to Apache 1.3).
Evan
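
The setup discussed in this thread, written out as an added example (not part of the original post). It assumes Apache 2.0 with mod_ssl loaded and a Listen 443 line elsewhere in httpd.conf; the certificate and password-file paths and the realm name are placeholders.

```apache
# Added example. Paths under /path/to/ and the realm name are placeholders.

# Baseline for the whole filesystem. A <Directory> section that carries no
# Order/Allow/Deny of its own inherits this deny rather than falling back
# to the built-in default (Order deny,allow with no entries = allow all).
<Directory />
    Order deny,allow
    Deny from all
    AllowOverride None
</Directory>

# Plain http: loopback and the LAN only.
<VirtualHost *:80>
    DocumentRoot /var/www/docroot
    <Directory "/var/www/docroot">
        # deny,allow: Deny is evaluated first, a matching Allow overrides it.
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1 192.168.1.0/24
    </Directory>
</VirtualHost>

# https: reachable from any address, but only with a valid login.
<VirtualHost *:443>
    DocumentRoot /var/www/public
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    <Directory "/var/www/public">
        # Host check: lift the inherited deny for this tree.
        Order allow,deny
        Allow from all
        # User check: basic auth against an htpasswd file.
        AuthType Basic
        AuthName "Restricted"
        AuthUserFile /path/to/htpasswd
        Require valid-user
        # Both the host check and the user check must pass.
        Satisfy all
    </Directory>

    # A directory added here with Alias needs its own <Directory> block;
    # without one it inherits "Deny from all" from <Directory /> above.
</VirtualHost>
```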