-rw-r--r-- | network/mod_hosts_access/README | 39 | ||||
-rw-r--r-- | network/mod_hosts_access/mod_hosts_access.SlackBuild | 62 | ||||
-rw-r--r-- | network/mod_hosts_access/mod_hosts_access.info | 8 | ||||
-rw-r--r-- | network/mod_hosts_access/slack-desc | 19 |
4 files changed, 128 insertions, 0 deletions
diff --git a/network/mod_hosts_access/README b/network/mod_hosts_access/README
new file mode 100644
index 0000000000..2486db84ec
--- /dev/null
+++ b/network/mod_hosts_access/README
@@ -0,0 +1,39 @@
+mod_hosts_access
+
+This is a DSO (dynamically shared object) module for the Apache webserver
+that uses libwrap (TCP Wrapper) to check if the connecting hosts is allowed.
+
+This system works well with dynamic blocking scripts, such as DenyHosts, and
+configfile distribution systems, such as Cfengine. Especially if other blocking
+methods differ between hosts at a site (e.g. kernel-level firewalling means).
+
+At an appropriate place (i.e. where other modules are loaded similarly),
+add to /etc/httpd/httpd.conf following line:
+
+LoadModule hosts_access_module lib/httpd/modules/mod_hosts_access.so
+
+The /etc/hosts.{allow,deny} access control checking for the "httpd" service
+can now be enabled or disabled on a per directory basis, by adding HostsAccess
+directive to its declaration, e.g. again in /etc/httpd/httpd.conf:
+
+# First, we configure the "default" to be a very restrictive set of
+# permissions.
+#
+#<Directory />
+# HostsAccess On
+# Options FollowSymLinks
+# AllowOverride None
+#</Directory>
+
+To test, restart apache for it to load the module; edit /etc/hosts.allow
+adding a line like the following:
+
+httpd: localhost: deny
+
+Access from 'localhost' (127.0.0.1) should now be disallowed, thus requesting
+the index page should fail, to verify try:
+
+ lynx -dump localhost
+
+The same can be done in a .htaccess file if AllowOverride Limit has been set.
+
diff --git a/network/mod_hosts_access/mod_hosts_access.SlackBuild b/network/mod_hosts_access/mod_hosts_access.SlackBuild
new file mode 100644
index 0000000000..905266cf97
--- /dev/null
+++ b/network/mod_hosts_access/mod_hosts_access.SlackBuild
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+# Slackware build script for mod_hosts_access (libwrap support in Apache)
+
+# Written by Menno E. Duursma
+
+# This program is free software. It comes without any warranty.
+# Granted WFTPL, Version 2, as published by Sam Hocevar. See
+# http://sam.zoy.org/wtfpl/COPYING for more details.
+
+PRGNAM=mod_hosts_access
+VERSION=1.1.0
+ARCH=${ARCH:-i486}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+CWD=`pwd`
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+fi
+
+set -e # exit on most errors
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+tar -xzvf $CWD/$PRGNAM-$VERSION.tar.gz || exit 1
+cd $PRGNAM-$VERSION
+chown -R root:root .
+chmod -R a-s,u+w,go+r-w .
+
+# Create target dir
+mkdir -p $PKG/usr/lib/httpd/modules
+
+# Compile module as DSO (dynmically shared object)
+CFLAGS="$SLACKFLAGS" \
+apxs -ca mod_hosts_access.c -lwrap -lnsl
+
+# copy into place
+cp .libs/mod_hosts_access.so $PKG/usr/lib/httpd/modules
+
+( cd $PKG || exit 1
+ find . -type f | xargs file | grep -e "executable" -e "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+)
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a [A-Z]* $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz
diff --git a/network/mod_hosts_access/mod_hosts_access.info b/network/mod_hosts_access/mod_hosts_access.info
new file mode 100644
index 0000000000..5aba10416a
--- /dev/null
+++ b/network/mod_hosts_access/mod_hosts_access.info
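Review bot: The apxs call in mod_hosts_access.SlackBuild is given `CFLAGS="$SLACKFLAGS"`, but the variable set by the ARCH block earlier in the script is `SLKCFLAGS`, so the flags expand to an empty string and are silently dropped (there is no `set -u` to catch it); the line should read `CFLAGS="$SLKCFLAGS" \`. The script also appears to run as root (`chown -R root:root .`) while every expansion is unquoted and `TMP`, `OUTPUT` and `ARCH` are taken from the environment, so the destructive and path-changing commands are worth quoting, e.g. `rm -rf "$PKG"` and `cd "$TMP"`. The module directory is hard-coded as `$PKG/usr/lib/httpd/modules` although `x86_64` is an accepted ARCH; whether that is the right libdir on 64-bit targets should be confirmed.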
@@ -0,0 +1,8 @@
+PRGNAM="mod_hosts_access"
+VERSION="1.1.0"
+HOMEPAGE="http://www.klomp.org/mod_hosts_access/"
+DOWNLOAD="http://dl.sourceforge.net/sourceforge/httpd-garage/mod_hosts_access-1.1.0.tar.gz"
+MD5SUM="2e4fd22e778c8d98d433344a46421eb7"
+MAINTAINER="Menno E. Duursma"
+EMAIL="druiloor@zonnet.nl"
+APPROVED="robw810,Erik Hanson"
diff --git a/network/mod_hosts_access/slack-desc b/network/mod_hosts_access/slack-desc
new file mode 100644
index 0000000000..16ec11ff64
--- /dev/null
+++ b/network/mod_hosts_access/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+mod_hosts_access: mod_hosts_access (Apache hosts ACL module)
+mod_hosts_access:
+mod_hosts_access: Httpd support for Wietse Venema's TCP Wrapper (libwrap)
+mod_hosts_access: hosts based access control system
+mod_hosts_access:
+mod_hosts_access: mod_hosts_access is developed by
+mod_hosts_access: Vincent Partington, Ken Coar
+mod_hosts_access:
+mod_hosts_access: Please see the README for instructions no how to enable it.
+mod_hosts_access:
+mod_hosts_access: |
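Review bot: In mod_hosts_access.info the tarball is fetched over plain `http://` and pinned only by `MD5SUM`, which is not collision-resistant, and the SlackBuild in this commit unpacks `$CWD/$PRGNAM-$VERSION.tar.gz` without checking any digest itself. Since the build appears to run as root and produces an access-control module loaded into httpd, it would help to use an https URL for `DOWNLOAD` if the mirror offers one, and to record a stronger digest of the tarball (for example SHA-256) in the README so it can be verified before building. This applies to the .info hunk that precedes the slack-desc section.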