You might try this, with some simple testing it seems to work...
<RequireAll>
Require host usurf.usu.edu denied
Require host c01622.usurf.usu.edu
</RequireAll>
<RequireAll>
Require not host usurf.usu.edu
Require ip 0.0.0.0/1
</RequireAll>
<RequireAll>
Require not host usurf.usu.edu
Require ip 128.0.0.0/1
</RequireAll>
On Thu, Nov 29, 2018 at 2:23 PM Bill Tantzen <tantz...@umn.edu> wrote:
> Sorry this is turning out to be so confusing! What I'm hoping to do,
> in pseudo-config would be something like this:
>
> Require not host bigdomain.com . ## nobody from the entire domain
> gets in!
> Require host buddy.bigdomain.com ## except this single client
> Require all granted ## and the rest of the
> world!
>
> I'm not sure this can even be done at the apache level, much less how to
> do it.
> Thanks for looking!
> Bill
> On Thu, Nov 29, 2018 at 3:10 PM Jonathon Koyle <literea...@gmail.com>
> wrote:
> >
> > So, you want to restrict access to the host to a single machine on a
> specific domain with a non-static IP, OR to any machine not on the domain?
> >
> > On Thu, Nov 29, 2018 at 12:34 PM Bill Tantzen <tantz...@umn.edu> wrote:
> >>
> >> No that's not exactly what I meant. What I mean is something like
> >> this -- although actually typing it seems like it can't possibly be
> >> done:
> >>
> >> <RequireAny>
> >> Require not host xxx.com
> >> Require host ok.xxx.com
> >> </ReqiureAny>
> >>
> >> I realize "not host" is not allowed here, but it maybe helps explain
> >> what I want to do: Block an entire domain except for a single host.
> >> --Bill
> >> On Thu, Nov 29, 2018 at 1:24 PM Jonathon Koyle <literea...@gmail.com>
> wrote:
> >> >
> >> > You want to only allow access to a server at a specific hostname,
> (that is how I understand you question). One way, that would work, is
> something like
> >> >
> >> > Listen 80
> >> > <VirtualHost *:80>
> >> > # This is the default host for this port (assuming it is the
> first declaration for a host on this port) all server names that do not
> match another will hit this location
> >> > <Location />
> >> > Require all denied
> >> > </Location>
> >> > </VirtualHost>
> >> >
> >> > <VirtualHost *:80>
> >> > ServerName ok.yyy.zzz.com
> >> > # Put the rest of the host configuration here
> >> > </VirtualHost>
> >> >
> >> > Assuming there are no other virtual hosts defined on this machine,
> this should return a forbidden for any attempt to access the host at port
> 80 through any method name but ok.yyy.zzz.com
> >> >
> >> > On Thu, Nov 29, 2018 at 11:18 AM Bill Tantzen <tantz...@umn.edu>
> wrote:
> >> >>
> >> >> Experts,
> >> >>
> >> >> My environment is RHEL7 and apache 2.4.6
> >> >>
> >> >> I am looking for the seemingly tricky combination of directives
> >> >> (Require, RequireAll, RequireAny...) that will allow me to deny
> access
> >> >> to an entire domain except for, say, one particular host.
> >> >>
> >> >> For instance, how do deny access to
> >> >> yyy.zzz.com
> >> >> except for
> >> >> ok.yyy.zzz.com
> >> >>
> >> >> Is this even possible? I have tried every combination of
> >> >> authorization containers that I can think of, each of which so far is
> >> >> either too restrictive or too weak.
> >> >>
> >> >> Any ideas or suggestions for a good tutorial (believe me, I have
> searched)!!
> >> >> Thanks in advance!
> >> >> -- Bill
> >> >> --
> >> >> Human wheels spin round and round
> >> >> While the clock keeps the pace... -- John Mellencamp
> >> >> ________________________________________________________________
> >> >> Bill Tantzen University of Minnesota Libraries
> >> >> 612-626-9949 (U of M) 612-325-1777 (cell)
> >> >>
> >> >> ---------------------------------------------------------------------
> >> >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> >> >> For additional commands, e-mail: users-h...@httpd.apache.org
> >> >>
> >> >
> >> >
> >> > --
> >> > Jonathon Koyle
> >>
> >>
> >>
> >> --
> >> Human wheels spin round and round
> >> While the clock keeps the pace... -- John Mellencamp
> >> ________________________________________________________________
> >> Bill Tantzen University of Minnesota Libraries
> >> 612-626-9949 (U of M) 612-325-1777 (cell)
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> >> For additional commands, e-mail: users-h...@httpd.apache.org
> >>
> >
> >
> > --
> > Jonathon Koyle
>
>
>
> --
> Human wheels spin round and round
> While the clock keeps the pace... -- John Mellencamp
> ________________________________________________________________
> Bill Tantzen University of Minnesota Libraries
> 612-626-9949 (U of M) 612-325-1777 (cell)
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
--
Jonathon Koyle
