LinuxQuestions.org


Emmanuel_uk 01-31-2006 03:26 PM

cannot restrict apache to listen to LAN only. httpd2: (99)Cannot assign requested add
 
Hi, newbie to apache V2: 2 PCs linked by a Dlink604 router
Server 192.168.0.131 client 192.168.0.107
Just wishing to restrict apache to listen only to 192.168.0.107 on port say 81

Error message is below. I have seen many threads like this,
but still do not understand what is wrong. Stuck in a circle in my reading.
Thanks for any help.

Starting httpd2: (99)Cannot assign requested address: make_sock: could not bind to address 192.168.0.107:81
no listening sockets available, shutting down
Unable to open logs

I have tried (each line on its own) in httpd2.conf
Listen 81 #This works, client can see server. Page loaded all right.
Netstat gives
tcp 0 0 :::81 :::* LISTEN 5712/httpd2

Listen 127.0.0.1:81 #This does not trigger any error
netstat gives
tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN 31122/httpd2

Listen 192.168.0.107:81 #Triggers error, but this is what I want: restrict apache to listen only to requests from client 192.168.0.107

cat /etc/hosts
127.0.0.1 localhost
192.168.0.1 dlink604
192.168.0.107 pcclient

cat /etc/resolv.conf
nameserver xxx.xx.xx
nameserver xxx.xx.xx
search localdomain

Because it works with Listen 81, I know it is not a firewall problem,
on the server side.

# nmap 192.168.0.1
PORT STATE SERVICE
80/tcp open http

# ping -c1 192.168.0.107
PING 192.168.0.107 (192.168.0.107) 56(84) bytes of data.
64 bytes from 192.168.0.107: icmp_seq=1 ttl=64 time=0.591 ms

#BindAddress is all commented out
<IfDefine APACHEPROXIED>
# Listen 8080
</IfDefine>
<IfDefine !APACHEPROXIED>
#Listen 192.168.0.107:80
# Listen 81
</IfDefine>

Server Version: Apache-AdvancedExtranetServer/2.0.53
(Mandrakelinux/PREFORK-9mdk) mod_ssl/2.0.53 OpenSSL/0.9.7e
PHP/4.3.10 mod_perl/1.999.21 Perl/v5.8.6

bathory 01-31-2006 04:22 PM

If I understand well, you want to restrict access to your apache server (192.168.0.131) listening on port 81 so that only the client at 192.168.0.107 can connect. What you have to do is use "Listen 192.168.0.131:81" so that your server listens on that port, and then either configure apache using httpd.conf or .htaccess, or use iptables, to allow only connections from the specific host. A quick solution is to use the following for your DocumentRoot <Directory> definition:
Code:

<Directory /The/DocumentRoot/Dir>
Order Deny,Allow
Deny from all
Allow from 192.168.0.107
</Directory>
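
The difference between the address a server binds to and the address a client connects from, as an added example that is not part of the original thread: binding to an address the host does not own fails with EADDRNOTAVAIL (errno 99 on Linux, the error in the first post), while the client's address is only known after accept(), which is where an allow-list applies. Assumptions: 192.0.2.1 (TEST-NET-1) stands in for a non-local address such as 192.168.0.107 on the server, port 0 (any free port) replaces port 81 so no root is needed, and the function names are hypothetical.

```python
import errno
import socket
import threading

def try_bind(ip, port=0):
    """Return None if bind() succeeds, else the errno of the failure."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((ip, port))  # what "Listen ip:port" asks the kernel to do
            return None
        except OSError as e:
            return e.errno

def accept_one(listen_ip, allowed_peers):
    """Listen on a LOCAL address, accept one connection and return
    (peer_ip, allowed). The allow-list is checked against the peer
    address, which the server only learns from accept()."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind((listen_ip, 0))
        srv.listen(1)
        srv.settimeout(5)
        port = srv.getsockname()[1]
        # Constructed client: connects from this same machine.
        client = threading.Thread(
            target=lambda: socket.create_connection((listen_ip, port)).close())
        client.start()
        conn, (peer_ip, _) = srv.accept()
        conn.close()
        client.join()
        return peer_ip, peer_ip in allowed_peers

if __name__ == "__main__":
    # Local address binds; an address this host does not own does not.
    print("bind 127.0.0.1 ->", try_bind("127.0.0.1"))
    print("bind 192.0.2.1 ->", try_bind("192.0.2.1"),
          "(EADDRNOTAVAIL is", errno.EADDRNOTAVAIL, ")")
    # Same listener, two allow-lists: the decision depends on the peer.
    print(accept_one("127.0.0.1", {"192.168.0.107"}))
    print(accept_one("127.0.0.1", {"127.0.0.1"}))
```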


Emmanuel_uk 02-01-2006 03:31 PM

Thanks very much for the help, very appreciated. I have made some progress:

I used this, and it works :) , which basically means only 107 can access
the test directory (created under the default /var/www/html) .
Code:

<Directory /var/www/html/test>       
    Order Allow,Deny
    Allow from 192.168.0.107
</Directory>

I also now understand what the listen directive means:
It is where the server is listening on the server PC,
not where requests originating from are listened to.
(In retrospect I understand my error, it was a newbie misconception:
I assumed that there was a way on top of iptables to tell
apache "what IP" to listen to, that is "where from").

Assuming I had another ethernet card, say eth1, on the server, with a cable direct
to the client, presumably I would be able to tell apache to listen to
eth1 only? I guess dhcp on the router would simply give a new IP address to eth1.

Now, then, only one niggling problem: I can deny /var/www/html/test
BUT I cannot deny *selectively* the DocumentRoot which is /var/www/html

Can I selectively authorise /var/www/html/index.html?

I tried (with authorising 107 and 108 (not existing) to test the difference)

DocumentRoot /var/www/html
<Directory /var/www/html>
Order Allow,Deny
Allow from 192.168.0.107
</Directory>

and, the following gives no access at all to the client (commenting out DocumentRoot)

#DocumentRoot /var/www/html
<Directory /var/www/html>
Order Allow,Deny
Allow from 192.168.0.107
</Directory>
<Directory DocumentRoot>
Order Allow,Deny
Allow from 192.168.0.107
</Directory>

