mirror of
https://github.com/Ponce/slackbuilds
synced 2024-10-29 18:42:51 +01:00
34 lines
1.2 KiB
Text
This system works well with dynamic blocking scripts, such as DenyHosts, and
config file distribution systems, such as Cfengine, especially if other blocking
methods differ between hosts at a site (e.g. kernel-level firewalling means).

You'll need to add the following line to /etc/httpd/httpd.conf:
  Include /etc/httpd/mod_hosts_access.conf

  LoadModule hosts_access_module lib/httpd/modules/mod_hosts_access.so

The /etc/hosts.{allow,deny} access control checking for the "httpd" service
can now be enabled or disabled on a per-directory basis by adding the
HostsAccess directive to its declaration, e.g. again in /etc/httpd/httpd.conf:

  # First, we configure the "default" to be a very restrictive set of
  # permissions.
  #
  #<Directory />
  #    HostsAccess On
  #    Options FollowSymLinks
  #    AllowOverride None
  #</Directory>

To test, restart Apache so that it loads the module, then edit
/etc/hosts.allow, adding a line like the following:

  httpd: localhost: deny

Access from 'localhost' (127.0.0.1) should now be disallowed, so requesting
the index page should fail. To verify, try:

  lynx -dump localhost

The same can be done in a .htaccess file if AllowOverride Limit has been set.
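
To reason about which rule decides a request before editing the live files, here is an added example (not part of this README or of mod_hosts_access) that models the hosts.allow/hosts.deny lookup order for the "httpd" service. It is a simplified stand-in for libwrap: it assumes the allow/deny option syntax used in the test line above and supports only ALL, exact names or addresses, ".domain" suffixes and "192.168." style prefixes. The sample files and client names are constructed.

```python
# Simplified model of tcp_wrappers rule evaluation (an illustration, not libwrap).

def parse(text):
    """Yield (daemons, clients, options) for every rule line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) >= 2:
            yield fields[0].replace(",", " ").split(), \
                  fields[1].replace(",", " ").split(), fields[2:]

def client_matches(pattern, name, addr):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):        # domain suffix, e.g. .example.org
        return name.lower().endswith(pattern.lower())
    if pattern.endswith("."):          # address prefix, e.g. 192.168.10.
        return addr.startswith(pattern)
    return pattern.lower() == name.lower() or pattern == addr

def first_match(rules, daemon, name, addr):
    """Return the option list of the first matching rule, or None."""
    for daemons, clients, options in parse(rules):
        if any(d in ("ALL", daemon) for d in daemons) and \
           any(client_matches(c, name, addr) for c in clients):
            return options
    return None

def access_granted(daemon, name, addr, hosts_allow, hosts_deny):
    """hosts.allow is searched first, then hosts.deny; no match grants access."""
    opts = first_match(hosts_allow, daemon, name, addr)
    if opts is not None:
        return "deny" not in opts      # a trailing "deny" overrides the allow file
    opts = first_match(hosts_deny, daemon, name, addr)
    if opts is not None:
        return "allow" in opts
    return True

# Constructed sample files; the first rule is the README's test line.
HOSTS_ALLOW = "# /etc/hosts.allow\nhttpd: localhost: deny\nhttpd: 192.168.10.\n"
HOSTS_DENY = "httpd: ALL\n"

if __name__ == "__main__":
    for name, addr in [("localhost", "127.0.0.1"),
                       ("intranet-ws", "192.168.10.7"),
                       ("unknown", "203.0.113.9")]:
        ok = access_granted("httpd", name, addr, HOSTS_ALLOW, HOSTS_DENY)
        print(f"{name:12} {addr:14} {'allow' if ok else 'deny'}")
```

The first matching rule decides, so a broad rule placed above the test line in /etc/hosts.allow would win and the localhost request would not be refused.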