blob: ca0e265afe4e18b28ab0e00ae76f8d7d3859684c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
This system works well with dynamic blocking scripts, such as DenyHosts, and
configfile distribution systems, such as Cfengine. Especially if other blocking
methods differ between hosts at a site (e.g. kernel-level firewalling means).
You'll need to add the following line to /etc/httpd/httpd.conf:
Include /etc/httpd/extra/mod_hosts_access.conf
LoadModule hosts_access_module lib/httpd/modules/mod_hosts_access.so
The /etc/hosts.{allow,deny} access control checking for the "httpd" service
can now be enabled or disabled on a per directory basis, by adding HostsAccess
directive to its declaration, e.g. again in /etc/httpd/httpd.conf:
# First, we configure the "default" to be a very restrictive set of
# permissions.
#
#<Directory />
# HostsAccess On
# Options FollowSymLinks
# AllowOverride None
#</Directory>
To test, restart apache for it to load the module; edit /etc/hosts.allow
adding a line like the following:
httpd: localhost: deny
Access from 'localhost' (127.0.0.1) should now be disallowed, thus requesting
the index page should fail, to verify try:
lynx -dump localhost
The same can be done in a .htaccess file if AllowOverride Limit has been set.
|