[NTLUG:Discuss] allow http request only
m m
llliiilll at hotmail.com
Fri Nov 16 21:47:30 CST 2001
sorry for replying late.
ok, my first though is I want all http request
can go through port 80 on firewall to the websrever.
of course I have ip masquade doing it. and it works.
I also have portsentry doing scan stuff.
The problem is when the hacker's ip has been blocked, the
ip will be on the list on /etc/hosts.deny, and can never
access to my box (it's good), but I still want allow that
ip can "browse" my website.
>From: Greg Edwards <greg at nas-inet.com>
>Reply-To: discuss at ntlug.org
>To: discuss at ntlug.org
>Subject: Re: [NTLUG:Discuss] allow http request only
>Date: Thu, 08 Nov 2001 18:39:43 -0600
>
>m m wrote:
> >
> > Hi all:
> >
> > how do i allow all http (on port 80) request but nothing else in
> > /etc/hosts.allow and /etc/hosts.deny?
> > I have check man hosts.allow and hosts.deny, have no ieda. (not smart
>enough
> > to understand it.)
> >
> > Thanks
> >
>
>Is this a single machine, router, or host that has traffic routed to it?
>
>If your running Apache in standalone mode then it already gets all port
>80 traffic. You can disable (as already pointed out) ALL access in
>hosts.deny and then allow ALL LOCAL (if networked) in hosts.allow so
>that internal users can use services on your host. You can also pick
>and choose to allow internal access on inetd (ox xinetd) services.
>Unless this is a machine that passes traffic through it (router) you
>don't have to deal with ipchains/iptables.
>
>--
>Greg Edwards
>New Age Software, Inc.
>http://www.nas-inet.com
>_______________________________________________
>http://www.ntlug.org/mailman/listinfo/discuss
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
More information about the Discuss
mailing list