1 files changed, 39 insertions, 0 deletions

diff --git a/network/mod_hosts_access/README b/network/mod_hosts_access/README
new file mode 100644
index 0000000000..2486db84ec
--- /dev/null
+++ b/network/mod_hosts_access/README
@@ -0,0 +1,39 @@
+mod_hosts_access
+
+This is a DSO (dynamically shared object) module for the Apache webserver
+that uses libwrap (TCP Wrapper) to check if the connecting hosts is allowed.
+
+This system works well with dynamic blocking scripts, such as DenyHosts, and
+configfile distribution systems, such as Cfengine. Especially if other blocking
+methods differ between hosts at a site (e.g. kernel-level firewalling means).
+
+At an appropriate place (i.e. where other modules are loaded similarly),
+add to /etc/httpd/httpd.conf following line:
+
+LoadModule hosts_access_module lib/httpd/modules/mod_hosts_access.so
+
+The /etc/hosts.{allow,deny} access control checking for the "httpd" service
+can now be enabled or disabled on a per directory basis, by adding HostsAccess
+directive to its declaration, e.g. again in /etc/httpd/httpd.conf:
+
+# First, we configure the "default" to be a very restrictive set of
+# permissions.
+#
+#<Directory />
+#    HostsAccess On
+#    Options FollowSymLinks
+#    AllowOverride None
+#</Directory>
+
+To test, restart apache for it to load the module; edit /etc/hosts.allow
+adding a line like the following:
+
+httpd: localhost: deny
+
+Access from 'localhost' (127.0.0.1) should now be disallowed, thus requesting
+the index page should fail, to verify try: 
+
+	lynx -dump localhost
+
+The same can be done in a .htaccess file if AllowOverride Limit has been set.
+