Access control for virtual hosts, Access control for virtual hosts -5 – Oracle B12255-01 User Manual
Page 135
Authentication and Authorization Enforcement
Managing Security
8-5
If you want to match objects at the file system level, then you must use
<Directory> or <Files>. If you want to match objects at the URL level, then you
must use <Location>.
Access Control for Virtual Hosts
To set up access control for virtual hosts, place the AccessConfig directive inside
a virtual host container in the server configuration file, httpd.conf. When used in
a virtual host container, the AccessConfig directive specifies an access control
policy contained in a file.
shows an excerpt from an httpd.conf file
which provides the syntax for using AccessConfig this way:
Example 8–2
Using AccessConfig to Set Up Access Control
...
<VirtualHost ip_address_of_host.some_domain.com>
... virtual host directives ...
AccessConfig conf/access.conf
</VirtualHost>
Note:
Allowing or restricting access based on a host name for
Internet access is not considered a very good method of providing
security, because host names are easy to spoof. While the same is
true of IP addresses, sabotage is more difficult. However, setting
access control with intranet IP address ranges is reasonable because
the same risks do not apply. This assumes that your firewalls have
been properly configured.