network/mod_hosts_access: Build bump, various changes.

Signed-off-by: Erik Hanson <erik@slackbuilds.org>
This commit is contained in:
Menno Duursma 2010-07-22 15:59:38 -05:00 committed by Erik Hanson
parent b9ad855296
commit 7cd192a0d8
6 changed files with 43 additions and 50 deletions

View file

@ -3,37 +3,4 @@ mod_hosts_access
This is a DSO (dynamically shared object) module for the Apache webserver
that uses libwrap (TCP Wrappers) to check if the connecting hosts is allowed.
This system works well with dynamic blocking scripts, such as DenyHosts, and
configfile distribution systems, such as Cfengine. Especially if other blocking
methods differ between hosts at a site (e.g. kernel-level firewalling means).
You'll need to add the following line to /etc/httpd/httpd.conf:
Include /etc/httpd/mod_hosts_access.conf
LoadModule hosts_access_module lib/httpd/modules/mod_hosts_access.so
The /etc/hosts.{allow,deny} access control checking for the "httpd" service
can now be enabled or disabled on a per directory basis, by adding HostsAccess
directive to its declaration, e.g. again in /etc/httpd/httpd.conf:
# First, we configure the "default" to be a very restrictive set of
# permissions.
#
#<Directory />
# HostsAccess On
# Options FollowSymLinks
# AllowOverride None
#</Directory>
To test, restart apache for it to load the module; edit /etc/hosts.allow
adding a line like the following:
httpd: localhost: deny
Access from 'localhost' (127.0.0.1) should now be disallowed, thus requesting
the index page should fail, to verify try:
lynx -dump localhost
The same can be done in a .htaccess file if AllowOverride Limit has been set.
See also: README.SLACKWARE

View file

@ -0,0 +1,33 @@
This system works well with dynamic blocking scripts, such as DenyHosts, and
configfile distribution systems, such as Cfengine. Especially if other blocking
methods differ between hosts at a site (e.g. kernel-level firewalling means).
You'll need to add the following line to /etc/httpd/httpd.conf:
Include /etc/httpd/mod_hosts_access.conf
LoadModule hosts_access_module lib/httpd/modules/mod_hosts_access.so
The /etc/hosts.{allow,deny} access control checking for the "httpd" service
can now be enabled or disabled on a per directory basis, by adding HostsAccess
directive to its declaration, e.g. again in /etc/httpd/httpd.conf:
# First, we configure the "default" to be a very restrictive set of
# permissions.
#
#<Directory />
# HostsAccess On
# Options FollowSymLinks
# AllowOverride None
#</Directory>
To test, restart apache for it to load the module; edit /etc/hosts.allow
adding a line like the following:
httpd: localhost: deny
Access from 'localhost' (127.0.0.1) should now be disallowed, thus requesting
the index page should fail, to verify try:
lynx -dump localhost
The same can be done in a .htaccess file if AllowOverride Limit has been set.

View file

@ -11,5 +11,4 @@ config() {
# Otherwise, we leave the .new copy for the admin to consider...
}
config etc/mod_hosts_access.conf.new
config etc/httpd/mod_hosts_access.conf.new

View file

@ -2,7 +2,7 @@
# Slackware build script for mod_hosts_access (libwrap support in Apache)
# Written by Menno E. Duursma
# Written by Menno Duursma
# This program is free software. It comes without any warranty.
# Granted WFTPL, Version 2, as published by Sam Hocevar. See
@ -10,15 +10,13 @@
PRGNAM=mod_hosts_access
VERSION=1.1.0
BUILD=${BUILD:-1}
BUILD=${BUILD:-2}
TAG=${TAG:-_SBo}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
case "$( uname -m )" in
i?86) ARCH=i486 ;;
arm*) ARCH=arm ;;
# Unless $ARCH is already set, use uname -m for all other archs:
*) ARCH=$( uname -m ) ;;
esac
fi
@ -53,27 +51,23 @@ cd $PRGNAM-$VERSION
chown -R root:root .
chmod -R a-s,u+w,go+r-w .
# Create target dir
mkdir -p $PKG/usr/lib${LIBDIRSUFFIX}/httpd/modules
# Compile module as DSO (dynmically shared object)
CFLAGS="$SLACKFLAGS" apxs -ca mod_hosts_access.c -lwrap -lnsl
# copy into place
cp .libs/mod_hosts_access.so $PKG/usr/lib${LIBDIRSUFFIX}/httpd/modules
mkdir -p $PKG/etc/httpd
sed "s%@baselibdir@%lib${LIBDIRSUFFIX}%" $CWD/mod_hosts_access.conf > \
sed "s%@baselibdir@%lib${LIBDIRSUFFIX}%" $CWD/config/mod_hosts_access.conf > \
$PKG/etc/httpd/mod_hosts_access.conf.new
( cd $PKG || exit 1
find . -type f | xargs file | grep -e "executable" -e "shared object" | \
find $PKG -type f | xargs file | grep -e "executable" -e "shared object" | \
grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
)
mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
cp -a [A-Z]* $PKG/usr/doc/$PRGNAM-$VERSION
cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
cat $CWD/README.SLACKWARE > $PKG/usr/doc/$PRGNAM-$VERSION/README.SLACKWARE
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc

View file

@ -5,6 +5,6 @@ DOWNLOAD="http://downloads.sourceforge.net/httpd-garage/mod_hosts_access-1.1.0.t
MD5SUM="2e4fd22e778c8d98d433344a46421eb7"
DOWNLOAD_x86_64=""
MD5SUM_x86_64=""
MAINTAINER="Menno E. Duursma"
MAINTAINER="Menno Duursma"
EMAIL="druiloor@zonnet.nl"
APPROVED="rworkman,Erik Hanson"
APPROVED="Erik Hanson"