LinuxQuestions.org


ReefShark 01-22-2010 04:27 AM

Apache2 access restriction in location
 
I've got this in my Apache2 config (on an Ubuntu 9.10 server):
Code:

<VirtualHost _default_:443>
        DocumentRoot /srv/svn
        <Location /repos>
                DAV svn
                SVNParentPath /srv/svn
                Order Deny,Allow
                Deny from all
                # Allow local host
                Allow from 127.0.0.1 172.23.120
                AuthType Basic
                AuthName "Knock Knock"
                AuthUserFile /srv/svn/.webdavpwd
                Require valid-user
                Satisfy All
        </Location>
        # some ssl code, etc etc

When I comment out the "allow from" line, I have no access to this server at all, but when "Allow from 127.0.0.1 172.23.120" is activated, I can also access that location from other IPs (I can even access it from the internet).

What I really want is access limited to the IPs in "Allow from" because I don't want anyone accessing our subversion repos from anywhere else.

I know I'm overlooking something very obvious, but perusing Apache2 documentation for 2 hours hasn't helped me find it. :(

bathory 01-22-2010 05:33 AM

Hi,

Remove or comment out the "Deny from all" directive and restart apache.

ReefShark 01-22-2010 07:38 AM

Did it, can still reach the server from all and any IPs I want, including those not specified in the "Allow from" directive.

bathory 01-22-2010 07:57 AM

Change the Order to:
Code:

Order Allow,Deny

ReefShark 01-22-2010 08:36 AM

Nope, no effect. Can still reach the location from the internet.

Is the fact that there is another <Location> webdav / svn directive in the same VirtualHost file (without any IP restrictions) any reason for this not to work?

bathory 01-22-2010 08:53 AM

Could be. The Location directive matches regexes, so it maybe bypasses your restriction because it matches something else.

You can put the directives needed for access restriction inside a .htaccess file in the directory you want to protect.
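
An added example, not part of the thread: a small Python model of how Apache 2.2 documents Order/Allow/Deny and Satisfy evaluation for a single block, run against the variants tried above. The function names and the two sample client addresses are constructed for illustration, and the model covers only this one <Location> block; it does not model merging with other sections in the same VirtualHost.

```python
import ipaddress

def spec_matches(spec, client):
    # One Allow/Deny argument: "all", a CIDR block, or a full/partial IPv4
    # address matched on whole octets (172.23.120 covers 172.23.120.x only).
    if spec.lower() == "all":
        return True
    if "/" in spec:
        return ipaddress.ip_address(client) in ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")
    return client.split(".")[:len(octets)] == octets

def host_allowed(order, allow, deny, client):
    allowed = any(spec_matches(s, client) for s in allow)
    denied = any(spec_matches(s, client) for s in deny)
    if order == "deny,allow":
        # Deny is checked first, Allow overrides it; no match means allowed.
        return allowed or not denied
    if order == "allow,deny":
        # Allow is checked first, Deny overrides it; no match means denied.
        return allowed and not denied
    raise ValueError("unknown Order: " + order)

def access(order, allow, deny, client, valid_user, satisfy="all"):
    # Satisfy All needs the host check AND a valid user; Satisfy Any needs either.
    host_ok = host_allowed(order.lower(), allow, deny, client)
    return (host_ok and valid_user) if satisfy == "all" else (host_ok or valid_user)

ALLOW = ["127.0.0.1", "172.23.120"]           # from the posted config
VARIANTS = {                                  # (Order, Allow list, Deny list)
    "as posted":                  ("Deny,Allow", ALLOW, ["all"]),
    "Deny from all removed":      ("Deny,Allow", ALLOW, []),
    "Allow,Deny, no Deny line":   ("Allow,Deny", ALLOW, []),
    "Allow,Deny + Deny from all": ("Allow,Deny", ALLOW, ["all"]),
}
CLIENTS = {"inside": "172.23.120.15", "outside": "203.0.113.7"}  # constructed

def report(valid_user=True):
    # For each variant, whether each sample client gets through the block.
    return {name: {who: access(o, a, d, ip, valid_user) for who, ip in CLIENTS.items()}
            for name, (o, a, d) in VARIANTS.items()}

if __name__ == "__main__":
    for name, result in report().items():
        print(f"{name:28} {result}")
```
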


All times are GMT -5.