Old 01-31-2006, 03:26 PM   #1
Emmanuel_uk
cannot restrict apache to listen to LAN only. httpd2: (99)Cannot assign requested add


Hi, newbie to apache V2: 2 PCs linked by a Dlink604 router
Server 192.168.0.131 client 192.168.0.107
Just wishing to restrict apache to listen only to 192.168.0.107 on port say 81

Error message is below. I have seen many threads like this,
but still do not understand what is wrong. Stuck in a circle in my reading.
Thanks for any help.

Starting httpd2: (99)Cannot assign requested address: make_sock: could not bind to address 192.168.0.107:81
no listening sockets available, shutting down
Unable to open logs

I have tried (each line on its own) in httpd2.conf
Listen 81 #This works, client can see server. Page loaded all right.
Netstat gives
tcp 0 0 :::81 :::* LISTEN 5712/httpd2

Listen 127.0.0.1:81 #This does not trigger any error
netstat gives
tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN 31122/httpd2

Listen 192.168.0.107:81 #Triggers the error, but this is what I want: restrict apache to listen only to requests from client 192.168.0.107

cat /etc/hosts
127.0.0.1 localhost
192.168.0.1 dlink604
192.168.0.107 pcclient

cat /etc/resolv.conf
nameserver xxx.xx.xx
nameserver xxx.xx.xx
search localdomain

Because it works with Listen 81, I know it is not a firewall problem,
on the server side.

# nmap 192.168.0.1
PORT STATE SERVICE
80/tcp open http

# ping -c1 192.168.0.107
PING 192.168.0.107 (192.168.0.107) 56(84) bytes of data.
64 bytes from 192.168.0.107: icmp_seq=1 ttl=64 time=0.591 ms

#BindAddress is all commented out
<IfDefine APACHEPROXIED>
# Listen 8080
</IfDefine>
<IfDefine !APACHEPROXIED>
#Listen 192.168.0.107:80
# Listen 81
</IfDefine>

Server Version: Apache-AdvancedExtranetServer/2.0.53
(Mandrakelinux/PREFORK-9mdk) mod_ssl/2.0.53 OpenSSL/0.9.7e
PHP/4.3.10 mod_perl/1.999.21 Perl/v5.8.6
 
Old 01-31-2006, 04:22 PM   #2
bathory
If I understand correctly, you want to restrict access to your apache server (192.168.0.131) listening on port 81 so that only the client at 192.168.0.107 can connect. What you have to do is use "Listen 192.168.0.131:81" so that your server listens on that port, and then either configure apache using httpd.conf or .htaccess, or use iptables, to allow only connections from the specific host. A quick solution is to use the following for your DocumentRoot <Directory> definition:
Code:
<Directory /The/DocumentRoot/Dir>
Order Deny,Allow
Deny from all
Allow from 192.168.0.107
</Directory>
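
The difference between the address a server binds to and the address a client connects from, shown as an added example that is not part of the posts above. It assumes 192.0.2.1 (a documentation-only address) is not configured on the machine running it, which mirrors putting the client's 192.168.0.107 in a Listen line on the server; the function names are hypothetical.

```python
import errno
import socket

# Assumption: 192.0.2.1 (TEST-NET-1, reserved for documentation) is not
# configured on any local interface, just as the client's 192.168.0.107
# was not an address of the server in the thread.
NON_LOCAL_ADDR = "192.0.2.1"


def try_listen(addr, port=0):
    """Bind the way a `Listen addr:port` line does; return None or the errno name."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((addr, port))          # port 0 = any free port, no root needed
        s.listen(1)
        return None
    except OSError as e:
        return errno.errorcode.get(e.errno, str(e.errno))
    finally:
        s.close()


def serve_one(allowed_peers):
    """Listen on a local address, accept one client, decide by its source IP."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))                  # "where": must be a local address
    srv.listen(1)
    cli = socket.create_connection(srv.getsockname())
    conn, (peer_ip, _) = srv.accept()           # "who": only known at accept time
    verdict = "200 OK" if peer_ip in allowed_peers else "403 Forbidden"
    for s in (conn, cli, srv):
        s.close()
    return peer_ip, verdict


if __name__ == "__main__":
    print("bind to local address:    ", try_listen("127.0.0.1"))
    print("bind to non-local address:", try_listen(NON_LOCAL_ADDR))
    print("peer in allow list:       ", serve_one({"127.0.0.1"}))
    print("peer not in allow list:   ", serve_one({"192.168.0.107"}))
```

EADDRNOTAVAIL is errno 99 on Linux, the same "(99)Cannot assign requested address" that httpd2 reported.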
 
Old 02-01-2006, 03:31 PM   #3
Emmanuel_uk
Thanks very much for the help, very appreciated. I have made some progress:

I used this, and it works, which basically means only 107 can access
the test directory (created under the default /var/www/html).
Code:
<Directory /var/www/html/test>	
    Order Allow,Deny
    Allow from 192.168.0.107
</Directory>
I also now understand what the Listen directive means:
It is where the server is listening on the server PC,
not where the requests it listens to originate from.
(In retrospect I understand my error, it was a newbie misconception:
I assumed that there was a way, on top of iptables, to tell
apache "what IP" to listen to, that is "where from").

Assuming I had another ethernet card, say eth1, on the server, with a cable direct
to the client, presumably I would be able to tell apache to listen to
eth1 only? I guess dhcp on the router would simply give a new IP address to eth1.

Now, then, only one niggling problem: I can deny /var/www/html/test
BUT I cannot deny *selectively* the DocumentRoot which is /var/www/html

Can I selectively authorise /var/www/html/index.html?

I tried (with authorising 107 and 108 (not existing) to test the difference)

DocumentRoot /var/www/html
<Directory /var/www/html>
Order Allow,Deny
Allow from 192.168.0.107
</Directory>

and the following gives no access at all to the client (commenting out DocumentRoot)

#DocumentRoot /var/www/html
<Directory /var/www/html>
Order Allow,Deny
Allow from 192.168.0.107
</Directory>
<Directory DocumentRoot>
Order Allow,Deny
Allow from 192.168.0.107
</Directory>
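
The two posts use different `Order` lines (`Deny,Allow` with `Deny from all` in post #2, `Allow,Deny` in post #3) and reach the same result. This added example, which is not part of the thread, evaluates the Apache 2.0 `Order` rules for a single `<Directory>` block to show why, and what changes when the lines are mixed. It is a simplified model that handles only `all`, full IPs and CIDR networks; the function names and the two extra rule sets are constructed for illustration.

```python
import ipaddress


def matches(client, specs):
    """True if client matches any spec: 'all', a full IP, or a CIDR network."""
    ip = ipaddress.ip_address(client)
    for spec in specs:
        if spec == "all" or ip in ipaddress.ip_network(spec, strict=False):
            return True
    return False


def access(order, allow, deny, client):
    """Evaluate Apache 2.0 `Order` semantics for one <Directory> block."""
    allowed, denied = matches(client, allow), matches(client, deny)
    if order == "Deny,Allow":
        # Default is allow; Deny is checked first and Allow overrides it.
        return allowed or not denied
    if order == "Allow,Deny":
        # Default is deny; the client must match Allow and must not match Deny.
        return allowed and not denied
    raise ValueError("unknown Order: %r" % order)


# Rule sets as (Order, Allow from, Deny from)
BATHORY = ("Deny,Allow", ["192.168.0.107"], ["all"])    # config in post #2
EMMANUEL = ("Allow,Deny", ["192.168.0.107"], [])         # config in post #3
# Constructed variants, not from the thread:
NO_DENY_LINE = ("Deny,Allow", ["192.168.0.107"], [])    # Allow alone restricts nothing
MIXED_UP = ("Allow,Deny", ["192.168.0.107"], ["all"])   # Deny wins, everyone locked out


def verdicts(rules, clients=("192.168.0.107", "192.168.0.108")):
    """Return [access for .107, access for .108] under the given rule set."""
    order, allow, deny = rules
    return [access(order, allow, deny, c) for c in clients]


if __name__ == "__main__":
    for name in ("BATHORY", "EMMANUEL", "NO_DENY_LINE", "MIXED_UP"):
        print(name, verdicts(globals()[name]))
```

With `Order Deny,Allow`, leaving out `Deny from all` lets every client in, so the `Allow from` line on its own is not a restriction.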
 
  

