Allowing one IP gives all access

Thread: Allowing one IP gives all access

Search this list only Search all lists
Allowing one IP gives all access
United States	2007-09-26 11:15:20
I am trying to allow only a few IP addresses access. The strange thing is I went home and noticed I had access from my home computer when I shouldn't have. I went back to work and tested things and found that a single IP address that I was allowing caused everyone to be allowed. I tested using a proxy. When I had that address allowed, the proxy had access when it shouldn't. When I didn't allow that IP, the proxy didn't have access but neither did the other IPs I was explicitly allowing. How could this be? Here is my httpd-ssl.conf file below. When I allow ccc.ccc.ccc.ccc, then the proxy and everyone has access even if they shouldn't. When I don't allow ccc.ccc.ccc.ccc, then the proxy doesn't have access but also bbb.bbb.bbb.bbb doesn't have access! I have tested with IIS6 and it does not behave that way. It behaves properly and denies access to the proxy even with that "special" IP address allowed. ---- <VirtualHost aaa.aaa.aaa.aaa:443> # General setup for the virtual host DocumentRoot "F:/Apache_Software_Foundation/Apache2.2/htdocs" ServerName aaa.aaa.aaa.aaa:443 ErrorLog logs/aaa.aaa.aaa.aaa-error.log CustomLog logs/aaa.aaa.aaa.aaa-access.log common #ErrorLog F:/Apache_Software_Foundation/Apache2.2/logs/error_log TransferLog F:/Apache_Software_Foundation/Apache2.2/logs/access_log # Location directive allows for restricting access by IP to a location on this host <Location /blah> Order deny,allow Deny from all Allow from aaa.aaa.aaa.aaa Allow from bbb.bbb.bbb.bbb Allow from ccc.ccc.ccc.ccc </Location> </VirtualHost> -- View this message in context: http://www.nabble.com/Allowing-on e-IP-gives-all-access-tf4523340.html#a12904289 Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com. ------------------------------------------------------------ --------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://htt pd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribehttpd.apache.org " from the digest: users-digest-unsubscribehttpd.apache.org For additional commands, e-mail: users-helphttpd.apache.org

Re: Allowing one IP gives all access
United States	2007-09-27 10:17:43
Hi, I have a few questions about the config that you displayed, and perhaps they'll lead to a resolution. First question: Is IP address aaa.aaa.aaa.aaa the server's internal IP address? Second question: <Location /blah> doesn't appear to have an alias. I'm not 100% sure one isn't needed, but I think it might. Try this: <VirtualHost aaa.aaa.aaa.aaa:443> # General setup for the virtual host DocumentRoot "F:/Apache_Software_Foundation/Apache2.2/htdocs" ServerName aaa.aaa.aaa.aaa:443 ErrorLog logs/aaa.aaa.aaa.aaa-error.log CustomLog logs/aaa.aaa.aaa.aaa-access.log common #ErrorLog F:/Apache_Software_Foundation/Apache2.2/logs/error_log TransferLog F:/Apache_Software_Foundation/Apache2.2/logs/access_log Alias /blah "F:/Apache_Software_Foundation/Apache2.2/htdocs/blah&qu ot; Sincerely, -Rachel On Wed, 2007-09-26 at 10:15, mikat wrote: > I am trying to allow only a few IP addresses access. The strange thing is I > went home and noticed I had access from my home computer when I shouldn't > have. I went back to work and tested things and found that a single IP > address that I was allowing caused everyone to be allowed. I tested using a > proxy. When I had that address allowed, the proxy had access when it > shouldn't. When I didn't allow that IP, the proxy didn't have access but > neither did the other IPs I was explicitly allowing. How could this be? > > Here is my httpd-ssl.conf file below. When I allow ccc.ccc.ccc.ccc, then > the proxy and everyone has access even if they shouldn't. When I don't > allow ccc.ccc.ccc.ccc, then the proxy doesn't have access but also > bbb.bbb.bbb.bbb doesn't have access! > > I have tested with IIS6 and it does not behave that way. It behaves > properly and denies access to the proxy even with that "special" IP address > allowed. > ---- > <VirtualHost aaa.aaa.aaa.aaa:443> > > # General setup for the virtual host > DocumentRoot "F:/Apache_Software_Foundation/Apache2.2/htdocs" > ServerName aaa.aaa.aaa.aaa:443 > ErrorLog logs/aaa.aaa.aaa.aaa-error.log > CustomLog logs/aaa.aaa.aaa.aaa-access.log common > #ErrorLog F:/Apache_Software_Foundation/Apache2.2/logs/error_log > TransferLog F:/Apache_Software_Foundation/Apache2.2/logs/access_log > > # Location directive allows for restricting access by IP to a location on > this host > <Location /blah> > Order deny,allow > Deny from all > Allow from aaa.aaa.aaa.aaa > Allow from bbb.bbb.bbb.bbb > Allow from ccc.ccc.ccc.ccc > </Location> > > </VirtualHost> > > ------------------------------------------------------------ --------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://htt pd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribehttpd.apache.org " from the digest: users-digest-unsubscribehttpd.apache.org For additional commands, e-mail: users-helphttpd.apache.org

[1-2]

about | contact Other archives ( Real Estate discussion Medical topics )