Controlling access by ip address – Oracle B12255-01 User Manual

Authentication and Authorization Enforcement

Oracle HTTP Server Administrator’s Guide

Using mod_access and mod_setenvif for Host-based Access Control

Using host-based access control schemes, you can control access to restricted areas
based on where HTTP requests originate. Oracle HTTP Server uses mod_access and
mod_setenvif to perform host-based access control. mod_access provides access
control based on client hostname, IP address, or other characteristics of the
client request, and mod_setenvif provides the ability to set environment variables
based upon attributes of the request. When you enter configuration directives into
the httpd.conf file that use these modules, the server fulfills or denies requests
based on the address or name of the host, or based on the HTTP request header
contents.

You can use host-based access control to protect static HTML pages, applications, or
components.

Oracle HTTP Server supports four host-based access control schemes:

Controlling Access by IP Address

Controlling Access by Domain Name

Controlling Access by Network or Netmask

Controlling Access with Environment Variables

All of these allow you to specify the machines from which access to protected areas
is granted or denied. Your decision to choose one or more of the host-based access
control schemes is determined by which scheme most efficiently protects your
restricted content and applications, or which scheme is easiest to maintain.

Controlling Access by IP Address

Controlling access with IP addresses is a preferred method of host-based access
control. It does not require DNS lookups, which consume time and system resources
and make your server vulnerable to DNS spoofing attacks.

Example 8–3 Controlling Access by IP Address

<Directory /secure_only/>
    order deny,allow
    deny from all
    # Partial IP address (first three octets): covers 207.175.42.0 through 207.175.42.255
    allow from 207.175.42
</Directory>

In Example 8–3, requests originating from all IP addresses except those in the
207.175.42.* range are denied access to the /secure_only/ directory.
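
The evaluation behind Example 8–3, modelled in Python as an added example (not Oracle's code). It assumes mod_access's Order semantics and octet-aligned partial-address matching, with the range written as the partial address 207.175.42; the function names and client addresses are constructed for illustration.

```python
import ipaddress

def spec_matches(spec, client):
    """True if one 'allow from' / 'deny from' argument covers the client IP."""
    ip = ipaddress.ip_address(client)
    if spec.lower() == "all":
        return True
    if "/" in spec:  # network/netmask or CIDR form
        return ip in ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")
    if not (1 <= len(octets) <= 4 and all(o.isdigit() and int(o) <= 255 for o in octets)):
        raise ValueError(f"not an IP spec (hostnames are not modelled here): {spec!r}")
    # Partial address: whole octets are compared, so 207.175.4 never covers 207.175.42.x
    return str(ip).split(".")[:len(octets)] == [str(int(o)) for o in octets]

def evaluate(order, rules, client):
    """Return True if the client is admitted under the given Order setting."""
    denied = any(spec_matches(s, client) for verb, s in rules if verb == "deny")
    allowed = any(spec_matches(s, client) for verb, s in rules if verb == "allow")
    order = order.replace(" ", "").lower()
    if order == "deny,allow":  # default is allow; a matching allow overrides a deny
        return allowed or not denied
    if order == "allow,deny":  # default is deny; a matching deny overrides an allow
        return allowed and not denied
    raise ValueError(f"unsupported order: {order!r}")

def audit(order, rules, clients):
    """Map each client address to the access decision it would receive."""
    return {c: evaluate(order, rules, c) for c in clients}

# Rules of Example 8-3; the client addresses below are constructed test inputs.
EXAMPLE_8_3 = [("deny", "all"), ("allow", "207.175.42")]
CLIENTS = ["207.175.42.17", "207.175.4.2", "207.175.43.1", "10.0.0.5"]

if __name__ == "__main__":
    for order in ("deny,allow", "allow,deny"):
        print(order, audit(order, EXAMPLE_8_3, CLIENTS))
```

With the same two rules under allow,deny, "deny from all" wins for every client, so the directory is closed even to the 207.175.42 hosts.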
