[users@httpd] Allowing one IP gives all access

Wed, 26 Sep 2007 09:15:50 -0700 

I am trying to allow only a few IP addresses access.  The strange thing is I
went home and noticed I had access from my home computer when I shouldn't
have.  I went back to work and tested things and found that a single IP
address that I was allowing caused everyone to be allowed.  I tested using a
proxy.  When I had that address allowed, the proxy had access when it
shouldn't.  When I didn't allow that IP, the proxy didn't have access but
neither did the other IPs I was explicitly allowing.  How could this be?

Here is my httpd-ssl.conf file below.  When I allow ccc.ccc.ccc.ccc, then
the proxy and everyone has access even if they shouldn't.  When I don't
allow ccc.ccc.ccc.ccc, then the proxy doesn't have access but also
bbb.bbb.bbb.bbb doesn't have access!

I have tested with IIS6 and it does not behave that way.  It behaves
properly and denies access to the proxy even with that "special" IP address
allowed.
----
<VirtualHost aaa.aaa.aaa.aaa:443>
        
        #   General setup for the virtual host
        DocumentRoot "F:/Apache_Software_Foundation/Apache2.2/htdocs"
        ServerName aaa.aaa.aaa.aaa:443
        ErrorLog logs/aaa.aaa.aaa.aaa-error.log
        CustomLog logs/aaa.aaa.aaa.aaa-access.log common
        #ErrorLog F:/Apache_Software_Foundation/Apache2.2/logs/error_log
        TransferLog F:/Apache_Software_Foundation/Apache2.2/logs/access_log

        #       Location directive allows for restricting access by IP to a 
location on
this host
        <Location /blah>
                Order deny,allow
                Deny from all
                Allow from aaa.aaa.aaa.aaa
                Allow from bbb.bbb.bbb.bbb
                Allow from ccc.ccc.ccc.ccc
        </Location>

</VirtualHost>



-- 
View this message in context: 
http://www.nabble.com/Allowing-one-IP-gives-all-access-tf4523340.html#a12904289
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to