|
Home > Archive > Web Servers on Unix and Linux > April 2004 > Apache order confusion
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Apache order confusion
|
|
| Jay Man 2004-04-02, 9:44 am |
| I have a large class b network for which i want to allow most the
networks access to a web site and require a few to have to log in and
deny access to any users outside of the class b. So I did this:
order allow,deny
allow from 192.168.0.0/255.255.0.0
deny from all, 192.168.1.0/25 192.168.2.0/25 192.168.3.0/25
This works. So, I'm confused. I didn't expect this work. The allow
statements allows the entire class b but then the deny statments
denies "all". What does the all mean?
I'm confused and the apache doc didn't help.
This is on 1.3.
Thanks!
| |
| Joshua Slive 2004-04-07, 3:40 pm |
| jayhaque@yahoo.com (Jay Man) wrote in message news:<f74f8159.0404020607.d5a12a0@posting.google.com>...
> I have a large class b network for which i want to allow most the
> networks access to a web site and require a few to have to log in and
> deny access to any users outside of the class b. So I did this:
>
> order allow,deny
> allow from 192.168.0.0/255.255.0.0
> deny from all, 192.168.1.0/25 192.168.2.0/25 192.168.3.0/25
>
>
> This works. So, I'm confused. I didn't expect this work. The allow
> statements allows the entire class b but then the deny statments
> denies "all". What does the all mean?
>
> I'm confused and the apache doc didn't help.
Actually, you are not denying all hosts. Rather, you are denying a
host named "all,". Commas are not an accepted separator for this
directive!
Since you have "Order allow,deny", the default access state is "deny",
so any host not in 192.168.0.0/255.255.0.0 is dennied access.
Joshua.
| |
| Jay Man 2004-04-11, 4:30 pm |
| Thanks, that makes perfect sense.
I still stumped on how to write the statement.
Allow most of 192.68.0.0, deny certain subnets, and don't allow anyone
out side of 192.168.0.0.
Some what confused here, any help is appriciated.
google@slive.ca (Joshua Slive) wrote in message news:<916ecaf4.0404071132.3c4c11eb@posting.google.com>...
> jayhaque@yahoo.com (Jay Man) wrote in message news:<f74f8159.0404020607.d5a12a0@posting.google.com>...
>
> Actually, you are not denying all hosts. Rather, you are denying a
> host named "all,". Commas are not an accepted separator for this
> directive!
>
> Since you have "Order allow,deny", the default access state is "deny",
> so any host not in 192.168.0.0/255.255.0.0 is dennied access.
>
> Joshua.
| |
| Joshua Slive 2004-04-11, 4:30 pm |
| jayhaque@yahoo.com (Jay Man) wrote in message news:<f74f8159.0404080731.586c9380@posting.google.com>...
> Thanks, that makes perfect sense.
>
> I still stumped on how to write the statement.
>
> Allow most of 192.68.0.0, deny certain subnets, and don't allow anyone
> out side of 192.168.0.0.
>
> Some what confused here, any help is appriciated.
Your original example should work fine as long as you remove the "all,":
order allow,deny
allow from 192.168.0.0/255.255.0.0
deny from 192.168.1.0/25 192.168.2.0/25 192.168.3.0/25
This says
- Start by denying all users (default access state)
- Then evaluate the allow directives: allow anyone in 192.168
- Then evaluate the deny directives: deny the three subnets.
Joshua.
|
|
|
|
|