mod_hosts_access

This is a DSO (dynamically shared object) module for the Apache webserver
that uses libwrap (TCP Wrapper) to check whether the connecting host is allowed.

This system works well with dynamic blocking scripts, such as DenyHosts, and
config file distribution systems, such as Cfengine, especially if other blocking
methods (e.g. kernel-level firewalling) differ between hosts at a site.

At an appropriate place (i.e. where other modules are loaded similarly),
add the following line to /etc/httpd/httpd.conf:

    LoadModule hosts_access_module lib/httpd/modules/mod_hosts_access.so

The /etc/hosts.{allow,deny} access control checking for the "httpd" service
can now be enabled or disabled on a per-directory basis by adding the
HostsAccess directive to the directory's declaration, e.g. again in
/etc/httpd/httpd.conf:

# First, we configure the "default" to be a very restrictive set of
# permissions.
#
#<Directory />
# HostsAccess On
# Options FollowSymLinks
# AllowOverride None
#</Directory>

To test, restart Apache so that it loads the module, then edit /etc/hosts.allow
and add a line like the following:

    httpd: localhost: deny

Access from 'localhost' (127.0.0.1) should now be disallowed, so requesting
the index page should fail. To verify, try:

    lynx -dump localhost

The same can be done in a .htaccess file if AllowOverride Limit has been set.
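
The rule evaluation behind the test above, as an added example that is not part of mod_hosts_access or libwrap: a simplified Python model of the documented hosts.allow / hosts.deny search order with a trailing allow or deny option. The function names and the hosts.deny entry are constructed for illustration; the model assumes IPv4 and leaves out EXCEPT, LOCAL and other wildcards.

```python
import ipaddress

# Constructed sample files. The first rule is the test rule from the README;
# the hosts.deny entry imitates what a blocking script might add.
HOSTS_ALLOW = "httpd: localhost: deny\n"
HOSTS_DENY = "# added by a blocking script\nALL: 203.0.113.7\n"

def pattern_matches(pattern, host, addr):
    """Match one client pattern against the client's name and IPv4 address."""
    if pattern == "ALL":
        return True
    if "/" in pattern:                  # net/mask, e.g. 10.0.0.0/255.0.0.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    if pattern.startswith("."):         # name suffix, e.g. .example.org
        return host.lower().endswith(pattern.lower())
    if pattern.endswith("."):           # address prefix, e.g. 192.168.
        return addr.startswith(pattern)
    return pattern.lower() == host.lower() or pattern == addr

def first_match(rules, daemon, host, addr):
    """Return the option list of the first matching rule, or None."""
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        if (daemon in daemons or "ALL" in daemons) and any(
                pattern_matches(p, host, addr) for p in clients):
            return fields[2:]
    return None

def allowed(hosts_allow, hosts_deny, daemon, host, addr):
    """hosts.allow is searched first, then hosts.deny; no match means allow."""
    opts = first_match(hosts_allow, daemon, host, addr)
    if opts is not None:
        return "deny" not in opts       # a rule here grants unless it ends in deny
    opts = first_match(hosts_deny, daemon, host, addr)
    if opts is not None:
        return "allow" in opts          # a rule here denies unless it ends in allow
    return True

if __name__ == "__main__":
    for host, addr in [("localhost", "127.0.0.1"), ("unknown", "203.0.113.7"),
                       ("client.example.org", "198.51.100.20")]:
        print(host, addr, allowed(HOSTS_ALLOW, HOSTS_DENY, "httpd", host, addr))
```

Because hosts.allow is searched first, a line such as "httpd: ALL" there matches before hosts.deny is read, so entries a blocking script writes to hosts.deny would have no effect for httpd.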