Topic: Allow Deny, confused

sambache
Joined: 11 Feb 2014 Posts: 11
Posted: Fri 21 Feb '14 3:56 Post subject: Allow Deny, confused

Hello all,
this is my first Apache install at all. Installation of 2.4 went well, got PHP working as well.
The Deny/Allow access rules are a bit confusing, in that common sense doesn't make sense to me. Not yet!
The situation is this:
I get a 403 Forbidden error when accessing the test site "It Work's" with this in the httpd.conf:
<Directory "c:/Apache24/htdocs">
    Options None
    AllowOverride None
    Order Allow,Deny
    Allow from 127.0.0.1
    Allow from localhost
    Require all denied
</Directory>
That's how I understand/read the access rule:
Order is first to Allow, then Deny
Allow from localhost
Deny from all other connections
Where it doesn't make sense to me:
Connecting from localhost (physically the same machine that Apache runs on) I get a 403 error.
And here comes the Bang: connecting from a machine on the LAN (say 192.168.100.199) I have access and "It Work's".
For me, it is the exact opposite of the rule above. What I found is that I can change the order of Allow/Deny, but it has to be reflected in the statements below.
What is wrong, or better, what do I understand wrong?
Johannes

jimski
Joined: 18 Jan 2014 Posts: 196 Location: USSA
Posted: Fri 21 Feb '14 15:15 Post subject:

The "deny, allow" are the old rules from Apache 2.2.
With Apache 2.4 use these rules:
Require all denied (all requests are denied)
Require all granted (all requests are allowed)
Here is the reference:
http://httpd.apache.org/docs/2.4/upgrading.html

jimski
Joined: 18 Jan 2014 Posts: 196 Location: USSA
Posted: Fri 21 Feb '14 21:35 Post subject:

Also replace this:
Allow from 127.0.0.1
with this:
Require host localhost
or
Require ip 127.0.0.1
To deny access from a specific host use this:
Require not ip 127.0.0.1
Example:
<Directory "c:/Apache24/htdocs">
    Options FollowSymlinks
    AllowOverride None
    Require ip 127.0.0.1
</Directory>
Last edited by jimski on Sat 22 Feb '14 8:50; edited 4 times in total

sambache
Joined: 11 Feb 2014 Posts: 11
Posted: Sat 22 Feb '14 6:11 Post subject:

Hello jimski,
thank you for the info and the link. I got it working, but with a few slight changes according to the info from the link.
When using IP numbers: Require ip ....
For localhost or 127.0.0.1: Require local
For a domain: Require host mydomain.com
For negating rules, I found only a sample for groups:
Require not group "groupname"
For now, I allow first, then disallow the rest. To stay with my sample:
<Directory "C:/apache24/htdocs/server">
    AllowOverride All
    Require local
    Require ip 192.168.100
    Require all denied
</Directory>
This gives me access from localhost and from the LAN IP range. Exactly what I want.
Thank you again for the tips.
Johannes

jimski
Joined: 18 Jan 2014 Posts: 196 Location: USSA
Posted: Sat 22 Feb '14 8:42 Post subject:

Glad it helped. And yes, the proper use is: Require ip xxx.xxx.xxx.xxx
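
The following is an added example, not part of any post in this thread and not Apache httpd code: a small Python audit that flags, per `<Directory>` block, three patterns the thread touches on. These are 2.2 `Order`/`Allow` lines mixed with 2.4 `Require`, `Require not` used outside `<RequireAll>`, and `Require all denied` listed beside other top-level `Require` lines, which Apache 2.4 treats as an implicit `<RequireAny>`. The function names, finding labels and the second sample block are assumptions made for this example.

```python
import re

LEGACY = {"order", "allow", "deny", "satisfy"}  # 2.2-era, mod_access_compat in 2.4

def check(directives):
    """directives: (name, args, enclosing <Require*> container or None) tuples."""
    requires = [(a, box) for name, a, box in directives if name == "require"]
    top = [a for a, box in requires if box is None]  # implicit <RequireAny>
    out = []
    if requires and LEGACY & {name for name, _, _ in directives}:
        out.append("mixed-2.2-and-2.4")
    if any(a.startswith("not ") and box != "requireall" for a, box in requires):
        out.append("not-outside-RequireAll")  # negation alone cannot grant
    if len(top) > 1 and "all denied" in top:
        out.append("redundant-all-denied")  # any other match still grants
    return out

def audit(conf_text):
    """Return {directory path: [finding, ...]} for each <Directory> block."""
    report, path, directives, stack = {}, None, [], []
    for line in (raw.strip() for raw in conf_text.splitlines()):
        if m := re.match(r'<Directory\s+"?([^">]+)"?\s*>$', line, re.I):
            path, directives, stack = m.group(1), [], []
        elif path is None or not line or line.startswith("#"):
            continue
        elif re.match(r"</Directory>$", line, re.I):
            report[path] = check(directives)
            path = None
        elif m := re.match(r"<(Require(?:All|Any|None))>$", line, re.I):
            stack.append(m.group(1).lower())
        elif re.match(r"</Require(?:All|Any|None)>$", line, re.I):
            stack = stack[:-1]
        else:
            name, *args = line.split()
            box = stack[-1] if stack else None
            directives.append((name.lower(), " ".join(args).lower(), box))
    return report

# Block 1: access lines from the opening post. Block 2: constructed.
SAMPLE = """
<Directory "c:/Apache24/htdocs">
Order Allow,Deny
Allow from 127.0.0.1
Require all denied
</Directory>
<Directory "c:/example/negated">
Require not ip 127.0.0.1
</Directory>
"""
print(audit(SAMPLE))
```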