On Mon, Nov 04, 2019 at 09:08:36AM -0500, Gene Heskett wrote:
> On Monday 04 November 2019 08:45:42 Greg Wooledge wrote:
>
> > On Fri, Nov 01, 2019 at 11:06:26PM +0100, tomas@tuxteam.de wrote:
> > > That will depend on whether apache is compiled with tcpwrappers
> > > (that's the library implementing the hosts.{allow,deny} policies). I
> > > don't know whether Debian's distribution does that (perhaps others
> > > will).
> >
> > It's not.
>
> Oh fudge, no wonder my mechinations with /etc/hosts.deny have zero long
> term effect.
>
> Does apache2 have its own module that would prevent its responding to an
> ipv4 address presented in a .conf file as "xx.xx.xx.xx/24" format?
More or less (your request is too specific, the /24 can be an arbitrary
netmask). This has come up already in this thread.
See, e.g. https://httpd.apache.org/docs/2.4/howto/access.html for several
ways to skin that cat.
I can't tell you how to actually weave those configuration snippets
into the Debian-provided config -- it's a long time since I "did"
Apache myself.
I know that Debian breaks down the config into multiple files to
ease separate package configuration. All lives somewhere under
/etc/apache2, there are subdirectories for configuration snippets
(conf-available and conf-enabled -- the latter being just a link
farm to the former, to ease dis- and enabling of individual config
items: there are commands for that (a2enconf, a2disconf) -- likewise
for different sites (if your Apache is serving several sites).
It's bound to be a panoramic ride. Apache config is a heck of
a dungeon. But I think this is where you should start.
Cheers
-- t
Attachment:
signature.asc
Description: Digital signature