LinuxQuestions.org
Old 04-12-2004, 12:30 PM   #1
plisken
Member
 
Registered: Dec 2001
Location: Scotland
Distribution: Slackware 9.1/13.37/14 RedHat 6.2/7/EL6.5 SuSE 8.2/11.1
Posts: 471

Rep: Reputation: 30
Apache DENY question


Hi all, this is the last for the day...

I've been spending the morning adding IP addresses to my httpd.conf file in the following format:

deny from 192.168 217.25

etc, etc

Now this is fine, but what I would ideally like to do is have a file full of IP addresses and simply add the entries to that, then have the config file read them. I tried the following but no such luck:

deny from < /etc/hosts.deny
(had planned to use this file for this purpose)

You get the idea of what I am trying to do, unfortunately even if there is a way to do this, then I assume I would have to restart apache for the new configuration to take place, but I suppose this can be done with cron, daily or whatever.

I plan to take IP addresses from my log files, for multiple failed attempts at password protected directories and have them added to a file, then read into the httpd.conf file as described above.

All help is appreciated, perhaps it is not possible to do as I wish in this instance.
 
Old 04-13-2004, 01:56 AM   #2
AutOPSY
Member
 
Registered: Mar 2004
Location: US
Distribution: Redhat 9 - Linux 2.6.3
Posts: 836

Rep: Reputation: 31
If you already have entries in /etc/hosts.deny, I believe Apache uses this file also, 'cause Apache can use the tcp wrappers host access control files with tcpd.

You don't need to do what you are doing, basically.

Also, why not cut and paste man, you are seriously setting yourself up for a security hole, when Apache tries to read a contorted entry like you are going to make, then not know what to do or crash or both.
 
Old 04-14-2004, 01:01 PM   #3
plisken
Member
 
Registered: Dec 2001
Location: Scotland
Distribution: Slackware 9.1/13.37/14 RedHat 6.2/7/EL6.5 SuSE 8.2/11.1
Posts: 471

Original Poster
Rep: Reputation: 30
Currently my Apache config does not read the hosts.deny file; possibly I could set it up to use tcpd, but I really don't know how to do such a thing.

I know you mention cut and paste, but what I really wanted to do was have a small script which would search my log file for username related errors (I am getting somewhere with this); ideally I'd then wish to pull the associated IPs from this file and have them automatically blocked.
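
An added example, not code from any poster in this thread: a Python sketch of the log-to-blocklist script the original poster describes. It assumes an access log in common/combined format; the threshold, the allowlist and the sample log lines are constructed for illustration. Every address is validated before a `Deny from` line is emitted, so a malformed log field never reaches the Apache configuration.

```python
import ipaddress
import re
from collections import Counter

# Common/combined log format: host ident user [time] "request" status ...
LINE_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "[^"]*" (\d{3}) ')

def failed_logins(lines):
    """Count 401 responses per client IP where a username was actually sent."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        host, user, status = m.groups()
        # A 401 with user "-" is only the initial challenge, not a failed attempt.
        if status != "401" or user == "-":
            continue
        try:
            counts[ipaddress.ip_address(host)] += 1
        except ValueError:
            continue  # hostname or junk in the client field: keep it out of the config
    return counts

def deny_rules(counts, threshold=3, allow=("127.0.0.0/8",)):
    """Return sorted 'Deny from' lines for addresses at or over the threshold."""
    nets = [ipaddress.ip_network(n) for n in allow]  # never block these ranges
    blocked = [ip for ip, n in counts.items()
               if n >= threshold and not any(ip in net for net in nets)]
    blocked.sort(key=lambda ip: (ip.version, int(ip)))
    return [f"Deny from {ip}" for ip in blocked]

# Constructed sample log lines (documentation address ranges).
SAMPLE = (
    ['203.0.113.7 - admin [12/Apr/2004:10:01:02 +0100] "GET /private/ HTTP/1.1" 401 401'] * 3
    + ['198.51.100.20 - - [12/Apr/2004:10:02:00 +0100] "GET /private/ HTTP/1.1" 401 401',
       '198.51.100.20 - bob [12/Apr/2004:10:02:05 +0100] "GET /private/ HTTP/1.1" 200 5120',
       '192.0.2.55 - guest [12/Apr/2004:10:03:00 +0100] "GET /private/ HTTP/1.1" 401 401']
    + ['client.example.test - root [12/Apr/2004:10:04:00 +0100] "GET /private/ HTTP/1.1" 401 401'] * 3
    + ['127.0.0.1 - test [12/Apr/2004:10:05:00 +0100] "GET /private/ HTTP/1.1" 401 401'] * 3
)

if __name__ == "__main__":
    print("\n".join(deny_rules(failed_logins(SAMPLE))))
```

The generated lines can be written to a separate file that httpd.conf pulls in with Apache's `Include` directive inside the relevant `<Directory>` block (the file path is yours to choose), followed by `apachectl graceful` to reload.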
 
  

