LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 01-22-2010, 04:27 AM   #1
ReefShark
Member
 
Registered: Oct 2003
Location: the Netherlands
Distribution: Arch Linux, Ubuntu server
Posts: 145

Rep: Reputation: 15
Question Apache2 access restriction in location


I've got this in my Apache2 config (on a Ubuntu 9.10 server):
Code:
<VirtualHost _default_:443>
        DocumentRoot /srv/svn
       <Location /repos>
                DAV svn
                SVNParentPath /srv/svn
                Order Deny,Allow
                Deny from all
                # ALlow local host
                Allow from 127.0.0.1 172.23.120
                AuthType Basic
                AuthName "Knock Knock"
                AuthUserFile /srv/svn/.webdavpwd
                Require valid-user
                Satisfy All
         </Location>
         some ssl code, etc etc
When I comment out the "allow from" line, I have no access to this server at all, but when "Allow from 127.0.0.1 172.23.120" is activated, I can also access that location from other IP's (I can even access it from the internet).

What I really want is access limited to the IP's in "Allow from" because I don't want anyone accessing our subversion repo's from anywhere else.

I know I'm overlooking something very obvious, but perusing Apache2 documentation for 2 hours haven't helped me find it.
 
Old 01-22-2010, 05:33 AM   #2
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,905

Rep: Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326
Hi,

Remove or comment out the "Deny from all" directive and restart apache.
 
Old 01-22-2010, 07:38 AM   #3
ReefShark
Member
 
Registered: Oct 2003
Location: the Netherlands
Distribution: Arch Linux, Ubuntu server
Posts: 145

Original Poster
Rep: Reputation: 15
Did it, can still reach the server from all and any IP's I want, including those not specified in the "Allow from" directive.
 
Old 01-22-2010, 07:57 AM   #4
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,905

Rep: Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326
Change the Order to:
Code:
Order Allow,Deny
 
Old 01-22-2010, 08:36 AM   #5
ReefShark
Member
 
Registered: Oct 2003
Location: the Netherlands
Distribution: Arch Linux, Ubuntu server
Posts: 145

Original Poster
Rep: Reputation: 15
Nope, no effect. Can still reach the location from the internet.

Is the fact that there is another <Location> webdav / svn directive in the same VirtualHost file (without any IP restrictions) any reason for this not to work?
 
Old 01-22-2010, 08:53 AM   #6
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,905

Rep: Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326
Could be. The Location directive matches regexes, so it maybe bypasses your restriction because it matches something else.

You can put the directives needed for access restriction inside a .htaccess file in the directory you want to protect.
 
  


Reply

Tags
access, apache2, location, restriction


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
apache2: DocumentRoot, Location, mod_python GSMD Linux - Server 3 07-24-2007 07:31 AM
Root access restriction GalinaK Linux - Wireless Networking 1 07-03-2006 03:41 AM
Router - Access Restriction ciop Linux - Security 4 11-01-2004 09:27 PM
CVS access restriction pedrosan Linux - Software 0 05-21-2004 02:33 AM
Telnet Access Restriction mocha Linux - Networking 1 09-16-2001 01:17 PM


All times are GMT -5. The time now is 03:54 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration