On Thu, Nov 11, 2010 at 8:47 PM, Bryan O'Neal <
Bryan.ONeal@theonealandassociates.com> wrote:
> Ok - let us review what you are accomplishing here -
> You deny from everyone (Check)
> You Allow from your local lan 192.168.25.x (Check)
> You allow from some WAN ip (Fail)
> If your web ip is say 72.168.54.32 then that should work - What do you
> have in your error logs? If nothing else it should give you the ip
> address of what is being blocked so you can compare what you think is
> the correct IP - I would say make sure that you do not have a later
> allow / deny statement set as Apache believes the last set always wins -
> And make sure you restart the service on every conf change ;)
>
>
> If you give me the errors I will look at those too.
>
>
>
>
> On Thu, Nov 11, 2010 at 4:00 PM, Mark Phillips
> <mark@phillipsmarketing.biz> wrote:
> > I have a web server at webIP off site. I have a second server for photos
> > running a php photo gallery app behind apache at photoIP on my local LAN. I
> > have a page on the web server that uses iframes to the photo server's
> > images.
> >
> > I am trying to restrict access to the photo server to requests from the web
> > server using apache Allowoverride on the photo server. Here is what I have:
> >
> > <VirtualHost photoIP:8080>
> >
> > DocumentRoot /var/www/gallery
> >
> > <Directory />
> > Options FollowSymLinks
> > AllowOverride None
> > </Directory>
> >
> > <Directory /var/www/gallery>
> > Options Indexes FollowSymLinks MultiViews
> > AllowOverride All FileInfo Options
> > Order allow,deny
> > Deny from all
> > # internal access
> > Allow from 192.168.25.0/24
> > Allow from 127
> > # Web server
> > Allow from webIP
> > </Directory>
> >
> > ErrorLog /var/log/apache2/hammerhead/error.log
> >
> > # Possible values include: debug, info, notice, warn, error, crit,
> > # alert, emerg.
> > LogLevel debug
> >
> > CustomLog /var/log/apache2/access.log combined
> >
> > </VirtualHost>
> >
> > I can access the photos from a machine on my local LAN, but not from hosts
> > off my LAN. The only way to get it to work is to change Deny from all to
> > Allow from all. What am I doing wrong?
> >
> > Thanks!
> >
> > Mark
> >
>
>
Hi Mark;
Verify via your access logs, after accessing from externally with the Allow
all on, that you are presenting with a truly EXTERNAL source address. Some
configurations might strip off source address and rewrite header for NAT.
Your external address IPs (matching the logs) should be added to your
configuration file:
<VirtualHost photoIP:8080>
DocumentRoot /var/www/gallery
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/gallery>
Options Indexes FollowSymLinks MultiViews
AllowOverride All FileInfo Options
Order allow,deny
Deny from all
# internal access
Allow from 192.168.25.0/24
Allow from 127
# Web server
Allow from 69.50.203.0/24
</Directory>
</VirtualHost>
AND verify:
a) That your Cox or DSL connection does not limit inbound port 8080
addresses.
b) Port 8080 is forwarded inbound on your router, like 80 would need to be.
Make sense?
--
Network Operations Center Engineer
Atjeu Hosting
(503) 754-4452
(623) 688-3392
http://www.it-clowns.com |
http://www.obnosis.com
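
Added example (not part of the original thread or either poster's configuration): a small Python model of the documented Apache 2.2 mod_authz_host Order/Allow/Deny evaluation, run over access-log lines, to compare the rule set from the thread under "Order allow,deny" and "Order deny,allow". The log lines and client addresses are constructed, 69.50.203.17 is an assumed stand-in for the web server, and .htaccess overrides and hostname-based rules are not modelled.

```python
import ipaddress

# Rule set as posted in the thread (Apache 2.2 mod_authz_host syntax).
ALLOW = ["192.168.25.0/24", "127", "69.50.203.0/24"]
DENY = ["all"]

# Constructed combined-format access log lines (not real traffic).
SAMPLE_LOG = [
    '192.168.25.10 - - [11/Nov/2010:20:01:02 -0700] "GET /main.php HTTP/1.1" 200 512 "-" "test"',
    '69.50.203.17 - - [11/Nov/2010:20:01:05 -0700] "GET /main.php HTTP/1.1" 200 512 "-" "test"',
    '203.0.113.9 - - [11/Nov/2010:20:01:09 -0700] "GET /main.php HTTP/1.1" 200 512 "-" "test"',
]

def to_network(spec):
    """Convert an Allow/Deny address spec to a network; None means 'all'."""
    if spec.lower() == "all":
        return None
    if "/" in spec:
        return ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")
    # A partial address such as "127" matches the whole leading-octet subnet.
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{8 * len(octets)}")

def matches(client, specs):
    """True if the client address falls inside any of the given specs."""
    ip = ipaddress.ip_address(client)
    return any(net is None or ip in net for net in map(to_network, specs))

def permitted(order, client, allow=ALLOW, deny=DENY):
    """Apply the Order semantics: every directive is evaluated, no first-match."""
    allowed, denied = matches(client, allow), matches(client, deny)
    if order == "allow,deny":   # default deny; a Deny match overrides Allow
        return allowed and not denied
    if order == "deny,allow":   # default allow; an Allow match overrides Deny
        return allowed or not denied
    raise ValueError(f"unsupported Order: {order}")

def audit(log_lines, order):
    """Map each client address in the log (%h, first field) to its verdict."""
    return {line.split()[0]: permitted(order, line.split()[0]) for line in log_lines}

if __name__ == "__main__":
    for order in ("allow,deny", "deny,allow"):
        print(order, audit(SAMPLE_LOG, order))
```

In this model "Order allow,deny" combined with "Deny from all" rejects every client, so the Order line is worth checking alongside the source address that appears in the access log.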