Mailing List Archive

Access rules in an intranet
Dear all,

I'm configuring a server to which I have ssh access through an intranet.
I'd like to open access to all nodes in the same IP range as mine to a
particular application (phppgadmin). In the .conf file I have the following:

order allow,deny
deny from all
allow from 10.215.xxx.xxx

But this way I get the Forbidden error in the browser. I've also tried with:

order allow,deny
deny from all
allow from 10.215

And even by specifying my IP:

order allow,deny
deny from all
allow from 10.215.1.119

Still, I get the Forbidden error. The only way I found out to access this
application is by using "allow from all", which is not acceptable since
this server will be going to the DMZ sometime.

What am I doing wrong? Any further information I can provide to solve this
issue?

Thank you.
Re: Access rules in an intranet [ In reply to ]
Hi Luis,

Please try with the below order. Hope this helps


order Allow,Deny
Allow from 10.215
Deny from all

Thanks

On Tue, Jun 12, 2012 at 5:55 AM, Luís de Sousa <luis.a.de.sousa@gmail.com>wrote:

> Dear all,
>
> I'm configuring a server to which I have ssh access through an intranet.
> I'd like to open access to all nodes in the same IP range as mine to a
> particular application (phppgadmin). In the .conf file I have the following:
>
> order allow,deny
> deny from all
> allow from 10.215.xxx.xxx
>
> But this way I get the Forbidden error in the browser. I've also tried
> with:
>
> order allow,deny
> deny from all
> allow from 10.215
>
> And even by specifying my IP:
>
> order allow,deny
> deny from all
> allow from 10.215.1.119
>
> Still, I get the Forbidden error. The only way I found out to access this
> application is by using "allow from all", which is not acceptable since
> this server will be going to the DMZ sometime.
>
> What am I doing wrong? Any further information I can provide to solve this
> issue?
>
> Thank you.
>
>
Re: Access rules in an intranet [ In reply to ]
Thank you for the reply Rajeev.

Unfortunately<http://duckduckgo.com/?q=unfortunately&ky=%23282828&kj=b2&kx=%23EE9D55&kl=wt-wt&k7=%23464545&k8=%23EFEFEF&k9=%23EDD400&kaa=%238AE234>
it
doesn't work that way either. Regards.

On 12 June 2012 12:05, Rajeev Kumar <rkumarrajput@gmail.com> wrote:

> Hi Luis,
>
> Please try with the below order. Hope this helps
>
>
> order Allow,Deny
> Allow from 10.215
> Deny from all
>
> Thanks
>
>
> On Tue, Jun 12, 2012 at 5:55 AM, Luís de Sousa <luis.a.de.sousa@gmail.com>wrote:
>
>> Dear all,
>>
>> I'm configuring a server to which I have ssh access through an intranet.
>> I'd like to open access to all nodes in the same IP range as mine to a
>> particular application (phppgadmin). In the .conf file I have the following:
>>
>> order allow,deny
>> deny from all
>> allow from 10.215.xxx.xxx
>>
>> But this way I get the Forbidden error in the browser. I've also tried
>> with:
>>
>> order allow,deny
>> deny from all
>> allow from 10.215
>>
>> And even by specifying my IP:
>>
>> order allow,deny
>> deny from all
>> allow from 10.215.1.119
>>
>> Still, I get the Forbidden error. The only way I found out to access this
>> application is by using "allow from all", which is not acceptable since
>> this server will be going to the DMZ sometime.
>>
>> What am I doing wrong? Any further information I can provide to solve
>> this issue?
>>
>> Thank you.
>>
>>
>
Re: Access rules in an intranet [ In reply to ]
On Tue, Jun 12, 2012 at 5:55 AM, Luís de Sousa
<luis.a.de.sousa@gmail.com> wrote:
> Dear all,
>
> I'm configuring a server to which I have ssh access through an intranet. I'd
> like to open access to all nodes in the same IP range as mine to a
> particular application (phppgadmin). In the .conf file I have the following:
>
> order allow,deny
> deny from all
> allow from 10.215.xxx.xxx

In all your attempts, and the other reply, the "deny from all" is
processed after the "allow" due to the Order directive.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Access rules in an intranet [ In reply to ]
Hi Eric,

Reading the documentation, it seems to me it shouldn't make a difference.
In any case trying with this configuration:

order Deny,Allow
Allow from 10.215
Deny from all

Doesn't the solve the problem either.

Thank you and regards.

On 12 June 2012 14:14, Eric Covener <covener@gmail.com> wrote:

> On Tue, Jun 12, 2012 at 5:55 AM, Luís de Sousa
> <luis.a.de.sousa@gmail.com> wrote:
> > Dear all,
> >
> > I'm configuring a server to which I have ssh access through an intranet.
> I'd
> > like to open access to all nodes in the same IP range as mine to a
> > particular application (phppgadmin). In the .conf file I have the
> following:
> >
> > order allow,deny
> > deny from all
> > allow from 10.215.xxx.xxx
>
> In all your attempts, and the other reply, the "deny from all" is
> processed after the "allow" due to the Order directive.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: Access rules in an intranet [ In reply to ]
On Tue, Jun 12, 2012 at 9:27 AM, Luís de Sousa
<luis.a.de.sousa@gmail.com> wrote:
> Hi Eric,
>
> Reading the documentation, it seems to me it shouldn't make a difference. In
> any case trying with this configuration:
>
> order Deny,Allow
> Allow from 10.215
> Deny from all
>
> Doesn't the solve the problem either.

What do your error and access log say?

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Access rules in an intranet [ In reply to ]
Try the following configuration:

<Directory "phppgadmin location>
Order deny,allow
deny from all
allow from 10.215.1.0
</Directory>

Replace "phppgadmin location" with the actual location whereyou have installed your application.

Hope it will solve :)


-Anam



________________________________
From: Luís de Sousa <luis.a.de.sousa@gmail.com>
To: users@httpd.apache.org
Sent: Tuesday, 12 June 2012, 14:55
Subject: [users@httpd] Access rules in an intranet


Dear all,

I'm configuring a server to which I have ssh access through an intranet. I'd like to open access to all nodes in the same IP range as mine to a particular application (phppgadmin). In the .conf file I have the following:

order allow,deny
deny from all
allow from 10.215.xxx.xxx

But this way I get the Forbidden error in the browser. I've also tried with:

order allow,deny
deny from all
allow from 10.215

And even by specifying my IP:

order allow,deny
deny from all
allow from 10.215.1.119

Still, I get the Forbidden error. The only way I found out to access this application is by using "allow from all", which is not acceptable since this server will be going to the DMZ sometime.

What am I doing wrong? Any further information I can provide to solve this issue?

Thank you.
Re: Access rules in an intranet [ In reply to ]
Hi Anam,

Apache complains about it: "Directory not allowed here". I suppose it
doesn't like having two nested Directory blocks.

Thank you in any case.

On 12 June 2012 20:54, Anam Ali Khan <anamalikhan@yahoo.com> wrote:

> Try the following configuration:
>
> <Directory "phppgadmin location>
> Order deny,allow
> deny from all
> allow from 10.215.1.0
> </Directory>
>
> Replace "phppgadmin location" with the actual location whereyou have
> installed your application.
>
> Hope it will solve :)
>
> -Anam
>
>
Re: Access rules in an intranet [ In reply to ]
Hi Eric,

For each access to the phppgadmin folder I'm getting this line at the error
log:

158.64.4.14 - - [13/Jun/2012:08:51:21 +0200] "GET /phppgadmin/ HTTP/1.1"
403 510 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:13.0)
Gecko/20100101 Firefox/13.0"

It doesn't say much to me. Thank you for answering.

On 12 June 2012 16:50, Eric Covener <covener@gmail.com> wrote:

>
> What do your error and access log say?
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: Access rules in an intranet [ In reply to ]
Hi,

Insert "Directory" block in virtual host container (configuration). It seems you have added in that area where <Directory> option is not allowed.

-Anam



________________________________
From: Luís de Sousa <luis.a.de.sousa@gmail.com>
To: users@httpd.apache.org; Anam Ali Khan <anamalikhan@yahoo.com>
Sent: Wednesday, 13 June 2012, 11:52
Subject: Re: [users@httpd] Access rules in an intranet


Hi Anam,

Apache complains about it: "Directory not allowed here". I suppose it doesn't like having two nested Directory blocks.

Thank you in any case.


On 12 June 2012 20:54, Anam Ali Khan <anamalikhan@yahoo.com> wrote:

Try the following configuration:
>
>
><Directory "phppgadmin location>
>Order deny,allow
>deny from all
>allow from 10.215.1.0
></Directory>
>
>
>Replace "phppgadmin location" with the actual location whereyou have installed your application.
>
>
>Hope it will solve :)
>
>
>
>-Anam
>
>
>
Re: Access rules in an intranet [ In reply to ]
Hi Anam,

The config file has only two blocks: DirectoryMatch and IfModule, organised
like this:

<DirectoryMatch /usr/share/phppgadmin/>
...
<IfModule mod_php4.c>
...
</IfModule>
...
</DirectoryMatch>

Where exactly should I put the Directory block?

Thank you.

On 13 June 2012 19:18, Anam Ali Khan <anamalikhan@yahoo.com> wrote:

> Hi,
>
> Insert "Directory" block in virtual host container (configuration). It
> seems you have added in that area where <Directory> option is not allowed.
>
> -Anam
>
>
Re: Access rules in an intranet [ In reply to ]
I think you don't need to use <DirectoryMatch> option in your config file. Replace <DirectoryMatch> with <Directory> option and add following code in it.


Order deny,allow
deny from all
allow from 10.215.1.0</Directory

-Anam



________________________________
From: Luís de Sousa <luis.a.de.sousa@gmail.com>
To: users@httpd.apache.org; Anam Ali Khan <anamalikhan@yahoo.com>
Sent: Thursday, 14 June 2012, 12:19
Subject: Re: [users@httpd] Access rules in an intranet


Hi Anam,

The config file has only two blocks: DirectoryMatch and IfModule, organised like this:

<DirectoryMatch /usr/share/phppgadmin/>
...
<IfModule mod_php4.c>
...
</IfModule>
...
</DirectoryMatch>

Where exactly should I put the Directory block?

Thank you.

On 13 June 2012 19:18, Anam Ali Khan <anamalikhan@yahoo.com> wrote:

Hi,
>
>
>Insert "Directory" block in virtual host container (configuration). It seems you have added in that area where <Directory> option is not allowed.
>
>
>-Anam
>
>
Re: Access rules in an intranet [ In reply to ]
Wed, 13 Jun 2012 kirjutas Luís de Sousa <luis.a.de.sousa@gmail.com>:

> For each access to the phppgadmin folder I'm getting this line at the error
> log:
>
> 158.64.4.14 - - [13/Jun/2012:08:51:21 +0200] "GET /phppgadmin/ HTTP/1.1"
> 403 510 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:13.0)
> Gecko/20100101 Firefox/13.0"

Your configuration directives allow access from 10.215.xxx.xxx, but
when you actually access the site, requests come from 158.64.4.14.
Maybe your browser is using a proxy?

--
Toomas Aas

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Access rules in an intranet [ In reply to ]
Hi Toomas,

Indeed, using netstat I could verify that when I'm connect to other
services on that server the access IP is 158.64.4.14. I have no idea how,
but some proxy must be in between, since there's configured in the browser.
Knowing that the IP in the error log is that of the incoming request was
able to configure the access to pgphpadmin correctly.

Thank you very much,

Luís

On 15 June 2012 06:53, Toomas Aas <toomas.aas@raad.tartu.ee> wrote:

> Wed, 13 Jun 2012 kirjutas Luís de Sousa <luis.a.de.sousa@gmail.com>:
>
>
> For each access to the phppgadmin folder I'm getting this line at the
>> error
>> log:
>>
>> 158.64.4.14 - - [13/Jun/2012:08:51:21 +0200] "GET /phppgadmin/ HTTP/1.1"
>> 403 510 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:13.0)
>> Gecko/20100101 Firefox/13.0"
>>
>
> Your configuration directives allow access from 10.215.xxx.xxx, but when
> you actually access the site, requests come from 158.64.4.14. Maybe your
> browser is using a proxy?
>
> --
> Toomas Aas
>