[NTLUG:Discuss] allow http request only
m m
llliiilll at hotmail.com
Fri Nov 16 22:23:09 CST 2001
>From: "Michael B. Lee" <mlee at texas.no-ip.com>
>Reply-To: discuss at ntlug.org
>To: <discuss at ntlug.org>
>Subject: Re: [NTLUG:Discuss] allow http request only
>Date: Fri, 16 Nov 2001 16:09:40 -0600 (CST)
>
>
>
>Uh..... what?
>
>Correct me if I'm wrong, but the truncated version of what you just said
>is: "I want to block IP addresses of people who are accessing my
>webserver, but I want them to be able to browse my website."
I guess you are misunderstand me. where did I say: "I want to block IP
addresses of people ...."?
To make it clear,
"I want to block IP addresses of people who are accessing my
box, except port 80 for browsing my website." or
"http request to port 80 never been blocked"
I hope it make sense.
>
>You're going to have to make a decision, I think. Either you give them
>port 80, or you don't.
>
>Unless... are you trying to say you want to use a DIFFERENT port for your
>webserver?
>
>
>
>
>On Fri, 16 Nov 2001, m m wrote:
>
> > sorry for replying late.
> >
> > ok, my first though is I want all http request
> > can go through port 80 on firewall to the websrever.
> > of course I have ip masquade doing it. and it works.
> > I also have portsentry doing scan stuff.
> > The problem is when the hacker's ip has been blocked, the
> > ip will be on the list on /etc/hosts.deny, and can never
> > access to my box (it's good), but I still want allow that
> > ip can "browse" my website.
> >
> >
> > >From: Greg Edwards <greg at nas-inet.com>
> > >Reply-To: discuss at ntlug.org
> > >To: discuss at ntlug.org
> > >Subject: Re: [NTLUG:Discuss] allow http request only
> > >Date: Thu, 08 Nov 2001 18:39:43 -0600
> > >
> > >m m wrote:
> > > >
> > > > Hi all:
> > > >
> > > > how do i allow all http (on port 80) request but nothing else in
> > > > /etc/hosts.allow and /etc/hosts.deny?
> > > > I have check man hosts.allow and hosts.deny, have no ieda. (not
>smart
> > >enough
> > > > to understand it.)
> > > >
> > > > Thanks
> > > >
> > >
> > >Is this a single machine, router, or host that has traffic routed to
>it?
> > >
> > >If your running Apache in standalone mode then it already gets all port
> > >80 traffic. You can disable (as already pointed out) ALL access in
> > >hosts.deny and then allow ALL LOCAL (if networked) in hosts.allow so
> > >that internal users can use services on your host. You can also pick
> > >and choose to allow internal access on inetd (ox xinetd) services.
> > >Unless this is a machine that passes traffic through it (router) you
> > >don't have to deal with ipchains/iptables.
> > >
> > >--
> > >Greg Edwards
> > >New Age Software, Inc.
> > >http://www.nas-inet.com
> > >_______________________________________________
> > >http://www.ntlug.org/mailman/listinfo/discuss
> >
> >
> > _________________________________________________________________
> > Get your FREE download of MSN Explorer at
>http://explorer.msn.com/intl.asp
> >
> >
> > _______________________________________________
> > http://www.ntlug.org/mailman/listinfo/discuss
> >
>
>
>_______________________________________________
>http://www.ntlug.org/mailman/listinfo/discuss
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
More information about the Discuss
mailing list