summaryrefslogtreecommitdiff
path: root/network/mod_hosts_access/README.SLACKWARE
blob: ca0e265afe4e18b28ab0e00ae76f8d7d3859684c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
This system works well with dynamic blocking scripts, such as DenyHosts, and
configfile distribution systems, such as Cfengine. Especially if other blocking
methods differ between hosts at a site (e.g. kernel-level firewalling means).

You'll need to add the following line to /etc/httpd/httpd.conf:
  Include /etc/httpd/extra/mod_hosts_access.conf

LoadModule hosts_access_module lib/httpd/modules/mod_hosts_access.so

The /etc/hosts.{allow,deny} access control checking for the "httpd" service
can now be enabled or disabled on a per directory basis, by adding HostsAccess
directive to its declaration, e.g. again in /etc/httpd/httpd.conf:

# First, we configure the "default" to be a very restrictive set of
# permissions.
#
#<Directory />
#    HostsAccess On
#    Options FollowSymLinks
#    AllowOverride None
#</Directory>

To test, restart apache for it to load the module; edit /etc/hosts.allow
adding a line like the following:

httpd: localhost: deny

Access from 'localhost' (127.0.0.1) should now be disallowed, thus requesting
the index page should fail, to verify try: 

	lynx -dump localhost

The same can be done in a .htaccess file if AllowOverride Limit has been set.