apache deny/allow

Discussion in 'Server Operation' started by unkn0wn, May 15, 2006.

  1. unkn0wn

    unkn0wn New Member

    Fo example i have folder forum in /var/www and i want to restrict some access. i want to denz all external ip adreses for forum. onlz local users for 192.168.x.x can use it.
    how can i huse htaccess

    i create dir temp
    i touch .htaccess in temp.
    i create htpasswd file in /var/www with onlz username-pass.
    i edit htaccess

    AuthUserFile /var/www/htpasswd
    AuthName "secret
    AuthType Basic
    <Limit GET POST>
    require valid-user
    </Limit>

    Order Allow,Deny
    Deny from 212.21.11
    Allow from all

    but nothing happens
     
    Last edited: May 15, 2006
  2. falko

    falko Super Moderator Howtoforge Staff

    Try
    Code:
    Order Deny,Allow
    instead.
     
  3. unkn0wn

    unkn0wn New Member

    apache simple dont menage htaccess . i delete entry for allow and deny just to see if auth work. i have code

    AuthUserFile /var/www/htpasswd
    AuthName "secret
    AuthType Basic
    <Limit GET POST>
    require valid-user
    </Limit>

    but it cant work
     
  4. Norman

    Norman Member HowtoForge Supporter

    What does your error-log say?
    And shouldnt' the file point to ".htaccess" instead of "htaccess"?
     
  5. unkn0wn

    unkn0wn New Member

    no its point on .htaccess.
    i try to insert code in httpd.conf and its working that way :)

    i dont wanna start new topic but how to disable TRACE method?


    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^TRACE
    RewriteRule .* - [F]

    but nikto show that trace method is enabled
     
  6. falko

    falko Super Moderator Howtoforge Staff

  7. unkn0wn

    unkn0wn New Member

    there is nothing about trace method.
    yes i did restart apache.
     
  8. falko

    falko Super Moderator Howtoforge Staff

  9. unkn0wn

    unkn0wn New Member

    i know that. i google it and find that code i past to you.

    Here ya go.

    RewriteEngine on
    # Optional debug directives
    #RewriteLog logs/mod_rewrite.log
    #RewriteLogLeve 1
    # Block TRACK and TRACE methods
    ReWriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) ReWriteRule .* - [F]

    but simple dont work :(
     
  10. falko

    falko Super Moderator Howtoforge Staff

    What happens if you put this directly in your Apache configuration, not in an .htaccess file? Don't forget to restart Apache.
     
  11. unkn0wn

    unkn0wn New Member

    i try in the vhost file and in apache same thing.
     
  12. falko

    falko Super Moderator Howtoforge Staff

    Put it in the Apache configuration. What's the output of
    Code:
    httpd -t
    then?
    Anything in your Apache error log?
     

Share This Page