|
I am running Apache 1.3.27 on Mac OS X Server v10.2.6 and would like to restrict access to a particular folder based on incoming IP number. In my httpd.conf file I added simply:
<Directory "/Library/WebServer/restrict">
Order Deny,Allow
Deny from All
</Directory>
and this restricts access to the "restrict" directory for everyone giving the Forbidden error page, as I would expect.
When I change the above to:
<Directory "/Library/WebServer/restrict">
Order Deny,Allow
Deny from All
Allow from 192.168.0 # IP number changed to protect the innocent--my intention would be to allow the entire 192.168.0.X domain in this example access to the restricted folder
</Directory>
However, Apache seems to ignore this Allow directive and I am again denied access from a machine on the 192.168.0.X domain.
The access_log says:
192.168.0.23 - - [04/Sep/2003:08:12:28 -0400] "GET /restrict/restrict.html HTTP/1.1" 403 321
The error_log says:
[Thu Sep 4 08:12:28 2003] [error] [client 192.168.0.23] client denied by server configuration: /Library/WebServer/restrict/restrict.html
I've also tried the Allow directive in the form:
Allow from 192.168.0.
I've also tried entering the Directory directive in the httpd_macosxserver.conf file--which gives the same results.
mod_access.so is being loaded.
Follow-up:
It appears that the Allow directive is working, although Apache doesn't appear to be checking it against the incoming user's IP number--it seems to be checking against the server's ip number.
For example, if I allow just one ip number:
Allow from 192.168.0.23
it denies access for the user 192.168.0.23
However, if I allow access for the SERVER'S IP number:
Allow from 192.168.0.20 # where .20 is the server's IP number, EVERYONE is granted access.
This is driving me crazy...
Any suggestions would be greatly appreciated.
|
