Mailing List Archive: Apache: Users

Access rules in an intranet

Index | Next | Previous | View Threaded

luis.a.de.sousa at gmail

Jun 12, 2012, 2:55 AM

Post #1 of 14 (755 views)
Permalink

Access rules in an intranet

Dear all,

I'm configuring a server to which I have ssh access through an intranet.
I'd like to open access to all nodes in the same IP range as mine to a
particular application (phppgadmin). In the .conf file I have the following:

order allow,deny
deny from all
allow from 10.215.xxx.xxx

But this way I get the Forbidden error in the browser. I've also tried with:

order allow,deny
deny from all
allow from 10.215

And even by specifying my IP:

order allow,deny
deny from all
allow from 10.215.1.119

Still, I get the Forbidden error. The only way I found out to access this
application is by using "allow from all", which is not acceptable since
this server will be going to the DMZ sometime.

What am I doing wrong? Any further information I can provide to solve this
issue?

Thank you.

rkumarrajput at gmail

Jun 12, 2012, 3:05 AM

Post #2 of 14 (728 views)
Permalink

Re: Access rules in an intranet [In reply to]

Hi Luis,

Please try with the below order. Hope this helps

order Allow,Deny
Allow from 10.215
Deny from all

Thanks

On Tue, Jun 12, 2012 at 5:55 AM, Luís de Sousa <luis.a.de.sousa [at] gmail>wrote:

> Dear all,
>
> I'm configuring a server to which I have ssh access through an intranet.
> I'd like to open access to all nodes in the same IP range as mine to a
> particular application (phppgadmin). In the .conf file I have the following:
>
> order allow,deny
> deny from all
> allow from 10.215.xxx.xxx
>
> But this way I get the Forbidden error in the browser. I've also tried
> with:
>
> order allow,deny
> deny from all
> allow from 10.215
>
> And even by specifying my IP:
>
> order allow,deny
> deny from all
> allow from 10.215.1.119
>
> Still, I get the Forbidden error. The only way I found out to access this
> application is by using "allow from all", which is not acceptable since
> this server will be going to the DMZ sometime.
>
> What am I doing wrong? Any further information I can provide to solve this
> issue?
>
> Thank you.
>
>

luis.a.de.sousa at gmail

Jun 12, 2012, 5:08 AM

Post #3 of 14 (728 views)
Permalink

Re: Access rules in an intranet [In reply to]

Thank you for the reply Rajeev.

Unfortunately<http://duckduckgo.com/?q=unfortunately&ky=%23282828&kj=b2&kx=%23EE9D55&kl=wt-wt&k7=%23464545&k8=%23EFEFEF&k9=%23EDD400&kaa=%238AE234>
it
doesn't work that way either. Regards.

On 12 June 2012 12:05, Rajeev Kumar <rkumarrajput [at] gmail> wrote:

> Hi Luis,
>
> Please try with the below order. Hope this helps
>
>
> order Allow,Deny
> Allow from 10.215
> Deny from all
>
> Thanks
>
>
> On Tue, Jun 12, 2012 at 5:55 AM, Luís de Sousa <luis.a.de.sousa [at] gmail>wrote:
>
>> Dear all,
>>
>> I'm configuring a server to which I have ssh access through an intranet.
>> I'd like to open access to all nodes in the same IP range as mine to a
>> particular application (phppgadmin). In the .conf file I have the following:
>>
>> order allow,deny
>> deny from all
>> allow from 10.215.xxx.xxx
>>
>> But this way I get the Forbidden error in the browser. I've also tried
>> with:
>>
>> order allow,deny
>> deny from all
>> allow from 10.215
>>
>> And even by specifying my IP:
>>
>> order allow,deny
>> deny from all
>> allow from 10.215.1.119
>>
>> Still, I get the Forbidden error. The only way I found out to access this
>> application is by using "allow from all", which is not acceptable since
>> this server will be going to the DMZ sometime.
>>
>> What am I doing wrong? Any further information I can provide to solve
>> this issue?
>>
>> Thank you.
>>
>>
>

covener at gmail

Jun 12, 2012, 5:14 AM

Post #4 of 14 (728 views)
Permalink

Re: Access rules in an intranet [In reply to]

On Tue, Jun 12, 2012 at 5:55 AM, Luís de Sousa
<luis.a.de.sousa [at] gmail> wrote:
> Dear all,
>
> I'm configuring a server to which I have ssh access through an intranet. I'd
> like to open access to all nodes in the same IP range as mine to a
> particular application (phppgadmin). In the .conf file I have the following:
>
> order allow,deny
> deny from all
> allow from 10.215.xxx.xxx

In all your attempts, and the other reply, the "deny from all" is
processed after the "allow" due to the Order directive.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd

luis.a.de.sousa at gmail

Jun 12, 2012, 6:27 AM

Post #5 of 14 (720 views)
Permalink

Re: Access rules in an intranet [In reply to]

Hi Eric,

Reading the documentation, it seems to me it shouldn't make a difference.
In any case trying with this configuration:

order Deny,Allow
Allow from 10.215
Deny from all

Doesn't the solve the problem either.

Thank you and regards.

On 12 June 2012 14:14, Eric Covener <covener [at] gmail> wrote:

> On Tue, Jun 12, 2012 at 5:55 AM, Luís de Sousa
> <luis.a.de.sousa [at] gmail> wrote:
> > Dear all,
> >
> > I'm configuring a server to which I have ssh access through an intranet.
> I'd
> > like to open access to all nodes in the same IP range as mine to a
> > particular application (phppgadmin). In the .conf file I have the
> following:
> >
> > order allow,deny
> > deny from all
> > allow from 10.215.xxx.xxx
>
> In all your attempts, and the other reply, the "deny from all" is
> processed after the "allow" due to the Order directive.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe [at] httpd
> For additional commands, e-mail: users-help [at] httpd
>
>

covener at gmail

Jun 12, 2012, 7:50 AM

Post #6 of 14 (725 views)
Permalink

Re: Access rules in an intranet [In reply to]

On Tue, Jun 12, 2012 at 9:27 AM, Luís de Sousa
<luis.a.de.sousa [at] gmail> wrote:
> Hi Eric,
>
> Reading the documentation, it seems to me it shouldn't make a difference. In
> any case trying with this configuration:
>
> order Deny,Allow
> Allow from 10.215
> Deny from all
>
> Doesn't the solve the problem either.

What do your error and access log say?

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd

anamalikhan at yahoo

Jun 12, 2012, 11:54 AM

Post #7 of 14 (721 views)
Permalink

Re: Access rules in an intranet [In reply to]

Try the following configuration:

<Directory "phppgadmin location>
Order deny,allow
deny from all
allow from 10.215.1.0
</Directory>

Replace "phppgadmin location" with the actual location whereyou have installed your application.

Hope it will solve :)

-Anam

________________________________
From: Luís de Sousa <luis.a.de.sousa [at] gmail>
To: users [at] httpd
Sent: Tuesday, 12 June 2012, 14:55
Subject: [users [at] http] Access rules in an intranet

Dear all,

I'm configuring a server to which I have ssh access through an intranet. I'd like to open access to all nodes in the same IP range as mine to a particular application (phppgadmin). In the .conf file I have the following:

order allow,deny
deny from all
allow from 10.215.xxx.xxx

But this way I get the Forbidden error in the browser. I've also tried with:

order allow,deny
deny from all
allow from 10.215

And even by specifying my IP:

order allow,deny
deny from all
allow from 10.215.1.119

Still, I get the Forbidden error. The only way I found out to access this application is by using "allow from all", which is not acceptable since this server will be going to the DMZ sometime.

What am I doing wrong? Any further information I can provide to solve this issue?

Thank you.

luis.a.de.sousa at gmail

Jun 12, 2012, 11:52 PM

Post #8 of 14 (715 views)
Permalink

Re: Access rules in an intranet [In reply to]

Hi Anam,

Apache complains about it: "Directory not allowed here". I suppose it
doesn't like having two nested Directory blocks.

Thank you in any case.

On 12 June 2012 20:54, Anam Ali Khan <anamalikhan [at] yahoo> wrote:

> Try the following configuration:
>
> <Directory "phppgadmin location>
> Order deny,allow
> deny from all
> allow from 10.215.1.0
> </Directory>
>
> Replace "phppgadmin location" with the actual location whereyou have
> installed your application.
>
> Hope it will solve :)
>
> -Anam
>
>

luis.a.de.sousa at gmail

Jun 13, 2012, 12:03 AM

Post #9 of 14 (713 views)
Permalink

Re: Access rules in an intranet [In reply to]

Hi Eric,

For each access to the phppgadmin folder I'm getting this line at the error
log:

158.64.4.14 - - [13/Jun/2012:08:51:21 +0200] "GET /phppgadmin/ HTTP/1.1"
403 510 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:13.0)
Gecko/20100101 Firefox/13.0"

It doesn't say much to me. Thank you for answering.

On 12 June 2012 16:50, Eric Covener <covener [at] gmail> wrote:

>
> What do your error and access log say?
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe [at] httpd
> For additional commands, e-mail: users-help [at] httpd
>
>

anamalikhan at yahoo

Jun 13, 2012, 10:18 AM

Post #10 of 14 (713 views)
Permalink

Re: Access rules in an intranet [In reply to]

Hi,

Insert "Directory" block in virtual host container (configuration). It seems you have added in that area where <Directory> option is not allowed.

-Anam

________________________________
From: Luís de Sousa <luis.a.de.sousa [at] gmail>
To: users [at] httpd; Anam Ali Khan <anamalikhan [at] yahoo>
Sent: Wednesday, 13 June 2012, 11:52
Subject: Re: [users [at] http] Access rules in an intranet

Hi Anam,

Apache complains about it: "Directory not allowed here". I suppose it doesn't like having two nested Directory blocks.

Thank you in any case.

On 12 June 2012 20:54, Anam Ali Khan <anamalikhan [at] yahoo> wrote:

Try the following configuration:
>
>
><Directory "phppgadmin location>
>Order deny,allow
>deny from all
>allow from 10.215.1.0
></Directory>
>
>
>Replace "phppgadmin location" with the actual location whereyou have installed your application.
>
>
>Hope it will solve :)
>
>
>
>-Anam
>
>
>

luis.a.de.sousa at gmail

Jun 14, 2012, 12:19 AM

Post #11 of 14 (695 views)
Permalink

Re: Access rules in an intranet [In reply to]

Hi Anam,

The config file has only two blocks: DirectoryMatch and IfModule, organised
like this:

<DirectoryMatch /usr/share/phppgadmin/>
...
<IfModule mod_php4.c>
...
</IfModule>
...
</DirectoryMatch>

Where exactly should I put the Directory block?

Thank you.

On 13 June 2012 19:18, Anam Ali Khan <anamalikhan [at] yahoo> wrote:

> Hi,
>
> Insert "Directory" block in virtual host container (configuration). It
> seems you have added in that area where <Directory> option is not allowed.
>
> -Anam
>
>

anamalikhan at yahoo

Jun 14, 2012, 9:44 AM

Post #12 of 14 (694 views)
Permalink

Re: Access rules in an intranet [In reply to]

I think you don't need to use <DirectoryMatch> option in your config file. Replace <DirectoryMatch> with <Directory> option and add following code in it.

Order deny,allow
deny from all
allow from 10.215.1.0</Directory

-Anam

________________________________
From: Luís de Sousa <luis.a.de.sousa [at] gmail>
To: users [at] httpd; Anam Ali Khan <anamalikhan [at] yahoo>
Sent: Thursday, 14 June 2012, 12:19
Subject: Re: [users [at] http] Access rules in an intranet

Hi Anam,

The config file has only two blocks: DirectoryMatch and IfModule, organised like this:

<DirectoryMatch /usr/share/phppgadmin/>
...
<IfModule mod_php4.c>
...
</IfModule>
...
</DirectoryMatch>

Where exactly should I put the Directory block?

Thank you.

On 13 June 2012 19:18, Anam Ali Khan <anamalikhan [at] yahoo> wrote:

Hi,
>
>
>Insert "Directory" block in virtual host container (configuration). It seems you have added in that area where <Directory> option is not allowed.
>
>
>-Anam
>
>

toomas.aas at raad

Jun 14, 2012, 9:53 PM

Post #13 of 14 (691 views)
Permalink

Re: Access rules in an intranet [In reply to]

Wed, 13 Jun 2012 kirjutas Luís de Sousa <luis.a.de.sousa [at] gmail>:

> For each access to the phppgadmin folder I'm getting this line at the error
> log:
>
> 158.64.4.14 - - [13/Jun/2012:08:51:21 +0200] "GET /phppgadmin/ HTTP/1.1"
> 403 510 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:13.0)
> Gecko/20100101 Firefox/13.0"

Your configuration directives allow access from 10.215.xxx.xxx, but
when you actually access the site, requests come from 158.64.4.14.
Maybe your browser is using a proxy?

--
Toomas Aas

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd

luis.a.de.sousa at gmail

Jun 18, 2012, 12:56 AM

Post #14 of 14 (638 views)
Permalink

Re: Access rules in an intranet [In reply to]

Hi Toomas,

Indeed, using netstat I could verify that when I'm connect to other
services on that server the access IP is 158.64.4.14. I have no idea how,
but some proxy must be in between, since there's configured in the browser.
Knowing that the IP in the error log is that of the incoming request was
able to configure the access to pgphpadmin correctly.

Thank you very much,

Luís

On 15 June 2012 06:53, Toomas Aas <toomas.aas [at] raad> wrote:

> Wed, 13 Jun 2012 kirjutas Luís de Sousa <luis.a.de.sousa [at] gmail>:
>
>
> For each access to the phppgadmin folder I'm getting this line at the
>> error
>> log:
>>
>> 158.64.4.14 - - [13/Jun/2012:08:51:21 +0200] "GET /phppgadmin/ HTTP/1.1"
>> 403 510 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:13.0)
>> Gecko/20100101 Firefox/13.0"
>>
>
> Your configuration directives allow access from 10.215.xxx.xxx, but when
> you actually access the site, requests come from 158.64.4.14. Maybe your
> browser is using a proxy?
>
> --
> Toomas Aas
>

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads