mirror of
https://github.com/Ponce/slackbuilds
synced 2024-11-18 22:06:04 +01:00
39 lines
1.3 KiB
Text
39 lines
1.3 KiB
Text
mod_hosts_access
|
|
|
|
This is a DSO (dynamically shared object) module for the Apache webserver
|
|
that uses libwrap (TCP Wrapper) to check if the connecting hosts is allowed.
|
|
|
|
This system works well with dynamic blocking scripts, such as DenyHosts, and
|
|
configfile distribution systems, such as Cfengine. Especially if other blocking
|
|
methods differ between hosts at a site (e.g. kernel-level firewalling means).
|
|
|
|
At an appropriate place (i.e. where other modules are loaded similarly),
|
|
add to /etc/httpd/httpd.conf following line:
|
|
|
|
LoadModule hosts_access_module lib/httpd/modules/mod_hosts_access.so
|
|
|
|
The /etc/hosts.{allow,deny} access control checking for the "httpd" service
|
|
can now be enabled or disabled on a per directory basis, by adding HostsAccess
|
|
directive to its declaration, e.g. again in /etc/httpd/httpd.conf:
|
|
|
|
# First, we configure the "default" to be a very restrictive set of
|
|
# permissions.
|
|
#
|
|
#<Directory />
|
|
# HostsAccess On
|
|
# Options FollowSymLinks
|
|
# AllowOverride None
|
|
#</Directory>
|
|
|
|
To test, restart apache for it to load the module; edit /etc/hosts.allow
|
|
adding a line like the following:
|
|
|
|
httpd: localhost: deny
|
|
|
|
Access from 'localhost' (127.0.0.1) should now be disallowed, thus requesting
|
|
the index page should fail, to verify try:
|
|
|
|
lynx -dump localhost
|
|
|
|
The same can be done in a .htaccess file if AllowOverride Limit has been set.
|
|
|