Avatar of BlearyEye
BlearyEyeFlag for United States of America asked on

Apache: allow from url

In Apache (on Win xp), I have several allow from lines in httpd.conf, of the form
  allow from <ip address>

I'd like to include a url, something like
  allow from my.computer.com

where my.computer.com is being updated via dyndns (i'm behind a router). But when I tried this in Apache, it didn't work. Is there some way to do this?

If it makes any difference, it's hosting a .net web sevice ...

--Bill
Apache Web Server

Avatar of undefined
Last Comment
BlearyEye

8/22/2022 - Mon
giltjr

Not doing it the way you are doing it.  Apache does a DNS look up on the host name when it starts up and then uses that IP address.

What you might be able to do is create a small server side script using PHP that does a name lookup dynamically and then allows it.  

However what I would suggest is that you use user-id and password to protect whatever it is you want to protect and then just allow it from everyplace.
ASKER
BlearyEye

How would user id / pw work with a webservice? That's what I need to access.
giltjr

You have two options that I can think of.

1) Front end the web service with a server side script.

2) Program the security into the web service and let everything pass through to it.

However, I would assume that being a web service there should already be security built into it that should be prompting you for user-id and password.

Another option would be to get a static IP address for the remote side.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
ahoffmann

can you use a domain instead, something like:

allow from computer.com

that will force apache to make a double DNS lookup for the IP (which might be a perfromance issue, obviously)
giltjr

I didn't realize that you could allow domain names I knew you could block them, but never thought about using them on allows.

The domain name would need to match the the domain name on the PTR record for the IP address.  This assumes there is a PTR record for the address, but this would allow every IP address that is within that defined domain.
ahoffmann

> .. but this would allow every IP address that is within that defined domain.
that's what the documentation says too:)
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
BlearyEye

I tried the allow from <domain name> (see original post) and it didn't seem to work ...
ahoffmann

that's a pretty clear statement!
do you mind to give some details, or do you expect that every one has a crystal ball?
ASKER
BlearyEye

Sorry, didn't intend to be snarky. I'm afraid I don't have any details to share. I added the line indicated and Apache seemed to ignore it. Did I miss an error message?
Your help has saved me hundreds of hours of internet surfing.
fblack61
ahoffmann

did you restart apache?
how about checking apache's error_log?
ASKER
BlearyEye

Just restarted apache with the include from <url> and no error message.
ahoffmann

> .. include from  ..
you mean domain instead of url, do you?

> .. no error message.
you do not get any message in either acces_log nor error_log when you try to acces a resource protected with
  deny from all
  allow from computer.com
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
BlearyEye

yes, i meant domain.

will check on the logs as you suggest
ASKER CERTIFIED SOLUTION
giltjr

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER
BlearyEye

when i did the nslookup on the ip assigned by my servce provider, i got the message

;; got recursion not available from 192.168.1.254, trying next server
;; connection timed out, no servers could be reached
giltjr

Hopefull that is not the IP address assigned to you by your ISP.  That is a private (RFC 1918) IP address, which is not allowed to be used on the public Internet.  It is reserved for private internal networks.

Go here:

http://whatismyipaddress.com/

and it will tell you what your public IP address is.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
ahoffmann

> ;; connection timed out, no servers could be reached
you have not configured your DNS, you need to add a proper DNS server IP in /etc/resolve.conf first
ASKER
BlearyEye

ok. i added one of verizon's dns servers,  151.197.0.38. Now the message is:

$ nslookup 74.167.140.150
Server:            151.197.0.38
Address:      151.197.0.38#53

** server can't find 150.140.167.74.in-addr.arpa.: NXDOMAIN

does it matter what dns server i choose? if so, how do i go about identifying the right one?
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
BlearyEye

ok. so the fact that i'm using dyndns to associate a domain name with my ip does me no good, right?
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
BlearyEye

ok, am checking on how userid/pw would work with a webservice ...
ASKER
BlearyEye

I think my original question has been answered, so will close this. If I have a problem with userid/pw on webservice, will post new query. Thanks ...