Hi Jeff. Sorry, this was a typo in the docs. In your case, changing to <Directory proxy:*> <Limit> order deny,allow deny from all allow from 128.104.30.130 128.104.20.10 </Limit> </Directory>
will cause things to work as you expected. Jeff Carr wrote: > > The contract type is `' with a response time of 3 business hours. > A first analysis should be sent before: Wed Apr 02 09:00:00 PST 1997 > > >Number: 297 > >Category: mod_proxy > >Synopsis: Allow/Deny proxy module inconsistant behavior > >Confidential: no > >Severity: critical > >Priority: medium > >Responsible: apache (Apache HTTP Project) > >State: open > >Class: sw-bug > >Submitter-Id: apache > >Arrival-Date: Tue Apr 1 14:50:00 1997 > >Originator: [EMAIL PROTECTED] > >Organization: > apache > >Release: 1.2b7 > >Environment: > Linux/i386 Redhat 4.0 > >Description: > The Allow and Deny part of the proxy module does not work correctly as far as > I > can tell. I have used the syntax as recommended in the docs: > > <Directory proxy:*> > order deny,allow > deny from all > allow from 128.104.30.130 128.104.20.10 > </Directory> > > But, this does not work correctly. It does deny everyone to things like > GET http://www.linux.org/ > or > GET http://www.ssc.org/ > > But allows everyone access to: > GET http://www.linux.org/index.html > or > GET http://www.linux.org/help/index.html > > Basically, it lets everyone through if the URL they request doesn't end with / > >How-To-Repeat: > Just setup apache as a proxy and try and limit access. > >Fix: > I tried to dig through the code but no luck yet. This is a big security hole > for anyone running apache as a proxy. > > Maybe my <Directory proxy:*> syntax is wrong in the access.conf file%3 > >Audit-Trail: > >Unformatted: -- chuck Chuck Murcko The Topsail Group, West Chester PA USA [EMAIL PROTECTED]
