
hosts.deny and http


Nico Wieland

Jul 16, 1999, 3:00:00 AM
hi

why can a host listed in hosts.deny (ALL: xxx.xxx.xxx.xxx) still connect
to the httpd?

thanks,

-n

DanH

Jul 16, 1999, 3:00:00 AM
Nico Wieland wrote:
>
> hi
>
> why can a host listed in hosts.deny (ALL: xxx.xxx.xxx.xxx) still connect
> to the httpd?


The httpd has its own deny file. The /etc/hosts.deny is for connection
to the OS, the httpd is for connection to the web server.

Dan
--
UNIX - Not just for vestal virgins anymore
Linux - Choice of a GNU generation

Patrick Aland

Jul 16, 1999, 3:00:00 AM
hosts.deny is only applicable to services running out of inetd.conf (and
configured to run through tcp wrappers). httpd is usually not run out of
inetd.conf. The easy thing to do would be to make a .htaccess file with
"deny from xxx.xxx.xxx.xxx" (Pardon my syntax, it's been a while) but
there may be a better way.

--patrick

Nico Wieland wrote:
>
> hi
>
> why can a host listed in hosts.deny (ALL: xxx.xxx.xxx.xxx) still connect
> to the httpd?
>

> thanks,
>
> -n

Michael Fuhr

Jul 17, 1999, 3:00:00 AM
DanH <herr...@usa.net> writes:

> Nico Wieland wrote:
> >
> > hi
> >
> > why can a host listed in hosts.deny (ALL: xxx.xxx.xxx.xxx) still connect
> > to the httpd?
>

> The httpd has its own deny file. The /etc/hosts.deny is for connection
> to the OS, the httpd is for connection to the web server.

Hosts.allow and hosts.deny do NOT control connections to the OS, they
control connections to applications that use Wietse Venema's TCP
Wrapper. Typically this means services started from inetd.conf and
possibly a few others that are linked with libwrap.

Since httpd usually runs standalone, it doesn't use hosts.allow or
hosts.deny for access control. Some HTTP daemons can be configured
to run from inetd.conf but there's usually a performance penalty.

If you're using Apache, search the Apache Module Registry for "hosts":

http://modules.apache.org/search

This should lead you to Vincent Partington's mod_hosts_access:

http://www.klomp.org/mod_hosts_access/

I've never used this module, but it should provide a way for Apache to
use hosts.allow and hosts.deny for access control.

Hope this helps.

--
Michael Fuhr
http://www.fuhr.org/~mfuhr/
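
The rule given in the replies above, as an added example that is not part of the original thread: hosts.allow and hosts.deny only affect a service that inetd starts through tcpd or whose binary is linked with libwrap. The function names and the sample inetd.conf are constructed for illustration.

```shell
#!/bin/sh
# Added example: does hosts.allow/hosts.deny apply to a given service?
# Per the thread: only if inetd starts it through tcpd, or the daemon
# itself is linked with libwrap.

# inetd_mode SERVICE INETD_CONF -> prints tcpd | direct | absent
inetd_mode() {
    awk -v svc="$1" '
        /^[ \t]*#/ || NF < 6 { next }          # comments, blank/short lines
        $1 == svc {
            n = split($6, part, "/")           # field 6 = server program
            print ((part[n] == "tcpd") ? "tcpd" : "direct")
            found = 1; exit
        }
        END { if (!found) print "absent" }
    ' "$2"
}

# links_libwrap BINARY -> exit status 0 if ldd lists libwrap
links_libwrap() {
    ldd "$1" 2>/dev/null | grep -q 'libwrap'
}

# hosts_access_applies SERVICE INETD_CONF BINARY -> prints yes | no
hosts_access_applies() {
    if [ "$(inetd_mode "$1" "$2")" = "tcpd" ] || links_libwrap "$3"; then
        echo yes
    else
        echo no
    fi
}

# Constructed sample inetd.conf (not taken from the thread).
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
# service type proto wait user server args
ftp     stream tcp nowait root /usr/sbin/tcpd  in.ftpd -l
telnet  stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
daytime stream tcp nowait root internal
EOF

# http has no inetd entry here, matching a standalone httpd.
for svc in ftp telnet http; do
    echo "$svc: $(inetd_mode "$svc" "$SAMPLE_CONF")"
done
```

On a real host, pass /etc/inetd.conf and the path of the daemon binary to `hosts_access_applies`; a "no" means access control has to be configured in the daemon itself or at the packet filter.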
