1. Manuals
  2. Brands
  3. Oracle Manuals
  4. Software
  5. HTTP Server B12255-01
  6. Administrator's manual

Using Mod_Access And Mod_Setenvif For Host-Based Access Control - Oracle HTTP Server B12255-01 Administrator's Manual

10g release 1 (10.1)
Hide thumbs
Table of Contents

Advertisement

Authentication and Authorization Enforcement

Using mod_access and mod_setenvif for Host-based Access Control

Using host-based access control schemes, you can control access to restricted areas
based on where HTTP requests originate. Oracle HTTP Server uses
and
access control based on client hostname, IP address, or other characteristics of the
client request, and mod_setenvif provides the ability to set environment variables
based upon attributes of the request. When you enter configuration directives into
the httpd.conf file that use these modules, the server fulfills or denies requests
based on the address or name of the host, or based on the HTTP request header
contents.
You can use host-based access control to protect static HTML pages, applications, or
components.
Oracle HTTP Server supports four host-based access control schemes:
I
I
I
I
All of these allow you to specify the machines from which access to protected areas
is granted or denied. Your decision to choose one or more of the host-based access
control schemes is determined by which scheme most efficiently protects your
restricted content and applications, or which scheme is easiest to maintain.
Controlling Access by IP Address Controlling access with IP addresses is a preferred
method of host-based access control. It does not require DNS lookups that consume
time, system resources, and make your server vulnerable to DNS spoofing attacks.
Example 8–3 Controlling Access by IP Address
<Directory /secure_only/>
order deny,allow
deny from all
allow from 207.175.42.*
</Directory>
In
Example
are denied access to the /secure_only/ directory.
8-6 Oracle HTTP Server Administrator's Guide
to perform host-based access control. mod_access provides
mod_setenvif
Controlling Access by IP Address
Controlling Access by Domain Name
Controlling Access by Network or Netmask
Controlling Access with Environment Variables
8–3, requests originating from all IP addresses except 207.175.42.* range
mod_access

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the HTTP Server B12255-01 and is the answer not in the manual?

Subscribe to Our Youtube Channel

Related Manuals for Oracle HTTP Server B12255-01

Related Products for Oracle HTTP Server B12255-01

This manual is also suitable for:

Http server

Table of Contents