Apache and mod_access setup

[bryon]

I have a few sub domains which I would like to make where only certain ip can acess them using the mod_access.

Do I have the vhost config set up correctly, I do not belive it is set up correctly since when I try to acess it lets me in even though I a not in the list.

Code: Select all

<Location /status>
SetHandler server-status
Order Deny,Allow
Deny from all

################# Named VirtualHosts
NameVirtualHost music.antsmarching.net
<VirtualHost music.antsmarching.net>
ServerName music.antsmarching.net
ServerPath /home/httpd/htdocs/music
DocumentRoot /home/httpd/htdocs/music


Allow from 207.159.190.xxx
Allow from 207.159.186.xxx
Allow from 207.159.185.xxx
Allow from 207.159.183.xxx
Allow from 207.159.185.xxx

</VirtualHost>
</Location>

or this

Code: Select all

################# Named VirtualHosts
NameVirtualHost music.antsmarching.net
<VirtualHost music.antsmarching.net>
ServerName music.antsmarching.net
ServerPath /home/httpd/htdocs/music
DocumentRoot /home/httpd/htdocs/music


<Location /status>
SetHandler server-status
Order Deny,Allow
Deny from all

Allow from 207.159.190.xxx
Allow from 207.159.186.xxx
Allow from 207.159.185.xxx
Allow from 207.159.183.xxx
Allow from 207.159.185.xxx

</Location>
</VirtualHost>

[adaptr]

The first config won't work at all - you cannot define virtualhosts inside a <Location/> directive.

The second config looks fishy too - what's with the "xxx"-es ?
You will also need at least one <Directory/> directive to give access permissions to the directory tree.

Please study the apache docs in some depth; they're usually very clear.

Otherwise you'll need to be more specific as to what you want, what you have, what doesn't work etc.

[bryon]

basically I have a sub domain called music.antsmarching.net and I only want a few ip to be able to acess it. The xxx at the end of the ip is only for security reasons. i have been able to get the subdomain to work just find but the acess restrictions have been a little harder to do. Yes I have been reading through the mod_acess doc file, but I am a littl eunshure on the proper order.

[adaptr]

The "proper order" is as follows (crudely shortened):

- at least one <Directory/> block for every distinct file system location you want to access
- at least one main server or default virtual server block
- access restrictions can appear almost anywhere they make sense, i.e. inside any block that defines a document location of some sort.

So a simple config might look like this:

<Global config>
Holds general directives, ones that don't affect any documents, like logging, error handling, maximum values etc.

<Main server config>
The configuration for a single domain, i.e. what you would have without using virtualhosts.
This includes the topmost <Directory/> block, and its access controls (usually Deny All) and the main server document root.

<Virtual host config>
Every directive that can be used in the main server config can be used in a virtualhost as well, in addition to being able to specify the server ports for each group of virtualhosts.

IIRC you have to specify the port for a virtualhost, since this will allow the virtualhost mechanism to discriminate between, say, plain http and secure https connections - which virtualhost should receive which request.

First, you have to define where the virtual hosts should listen for requests; this can only be done by specifying an IP address, never a name.

So your first line should be:

Code: Select all

NameVirtualHost aaa.bbb.ccc.ddd:80

Then you can define each virtualhost in reference to this, like so:

Code: Select all

<VirtualHost aaa.bbb.ccc.ddd:80>
ServerName music.antsmarching.net
DocumentRoot /home/www/whatever
</VirtualHost>

And last, you have to set the access permissions for this virtual host's files, as in:

Code: Select all

<Directory /home/www/whatever>
Order Allow, Deny
Allow From your.preferred.ip.addresses
</Directory>

Note what I've done here:
1. you must define a NameVirtualHost by address, not name.
2. The ServerName determines the virtual hosts' domainname, not the virtualhost definition.
3. The Directory block holds the access controls
4. Access is controlled by allowing specific addresses, and denying everything else by default.

You may want to read this explanation on the apache web site.

There are other combinations possible, but these are among the easiest - and they work...

Yes, it's complex, and almost infinitely flexible, but believe me, when you've used apache for a while you'll come to love the near limitless possibilities it offers