On Sat, Feb 12, 2011 at 19:07, Thornton, Susan M. (LARC-B702)[LITES]
<[email protected]> wrote:
>      Does anyone know if it’s possible to block a single ip address from
> accessing a DSpace instance?  I’ve tried it through the postgres pg_hba.conf
> file and, while I can successfully block a user from accessing the dspace
> database via, say PGAdminIII, it doesn’t block them from accessing the site.

Hi Sue,

you should write more about the reason why you want to block a single
IP from accessing DSpace, so I can give you better advice. You see,
I can tell you how to do what you want to do, but such a simple rule will
not protect you from anything I can think of that occurs in the real
world.

There are two ways to do what you're asking, depending on what you
want to protect:
1) blocking access to the web pages
1a) it's customary to use a web server in front of Tomcat to serve
HTML pages. If you're running Apache, you can simply add this command
to your virtual host:
deny from 1.2.3.4

More details here:
http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html

1b) if you're not running anything in front of Tomcat, you can use
this configuration option inside every dspace context (xmlui, jspui,
oai, ...) you want to protect:
<Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="1.2.3.4"/>

More details here:
http://tomcat.apache.org/tomcat-6.0-doc/manager-howto.html#Configuring_Manager_Application_Access

2) If you want to protect any or all ports from access from a single
IP, you should use your operating system's firewall. From your
previous emails I assume you're using Solaris. Your rule should look
like this (but the order of other rules in your firewall matters):

block in from 1.2.3.4/32 to any

More details here:
https://www.sun.com/offers/details/s10security_howto.xml

Hope that helps.

Regards,
~~helix84
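
Added example (not part of the original message, and not Apache's own code): a simplified Python model of the Order/Allow/Deny evaluation documented for mod_authz_host in Apache 2.2, showing when the "deny from 1.2.3.4" line from option 1a actually takes effect. The function names, the second client address and the three sample configurations are constructed for illustration; only "all", single IPs and CIDR ranges are modelled.

```python
import ipaddress


def _matches(client, specs):
    """True if client matches any 'from' spec: 'all', a single IP or a CIDR."""
    ip = ipaddress.ip_address(client)
    for spec in specs:
        if spec.lower() == "all":
            return True
        if ip in ipaddress.ip_network(spec, strict=False):
            return True
    return False


def is_allowed(client, order="deny,allow", allow=(), deny=()):
    """Model the Apache 2.2 access decision for one client address.

    order defaults to "deny,allow", the documented default when no
    Order directive is present.
    """
    allowed = _matches(client, allow)
    denied = _matches(client, deny)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":
        # Default is deny: the client must match an Allow and no Deny.
        return allowed and not denied
    if order == "deny,allow":
        # Default is allow: a Deny match is overridden by any Allow match.
        return allowed or not denied
    raise ValueError("unsupported Order value: %r" % order)


BLOCKED = "1.2.3.4"      # address used in the message above
OTHER = "198.51.100.7"   # constructed sample client

# Constructed sample configurations (order, allow list, deny list).
CONFIGS = {
    "bare Deny, default Order": ("deny,allow", [], [BLOCKED]),
    "Order allow,deny + Allow from all": ("allow,deny", ["all"], [BLOCKED]),
    "Order deny,allow + Allow from all": ("deny,allow", ["all"], [BLOCKED]),
}

if __name__ == "__main__":
    for name, (order, allow, deny) in CONFIGS.items():
        print("%-36s blocked IP allowed: %-5s other allowed: %s" % (
            name,
            is_allowed(BLOCKED, order, allow, deny),
            is_allowed(OTHER, order, allow, deny)))
```

In the third configuration the Deny line has no effect, because under "Order deny,allow" an existing "Allow from all" overrides it, so check which Order is in force in the virtual host before adding the rule.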

_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
