Re: [Dspace-tech] Blocking a single ip address from accessing a DSpace instance

Mon, 14 Feb 2011 11:15:45 -0800

If you are using a Linux system you can block these on the network level before they get to the application level using iptables or hosts.deny. 

Cheers

hg

On 14/02/2011 20:43, Mark H. Wood wrote:

On Sat, Feb 12, 2011 at 12:07:42PM -0600, Thornton, Susan M. (LARC-B702)[LITES] 
wrote:

      Does anyone know if it's possible to block a single ip address from 
accessing a DSpace instance?  I've tried it through the postgres pg_hba.conf 
file and, while I can successfully block a user from accessing the dspace 
database via, say PGAdminIII, it doesn't block them from accessing the site.

Pg only sees connections from the DSpace host, regardless of the
source of any session which causes those connections to be opened.

You *should* block nearly everyone from connecting to Pg, but though
necessary for good security this isn't sufficient.

An address filter in the Tomcat setup, in HTTPD if you use it, and/or
host and/or site firewalls, would be good ways to tackle this.



------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb


_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech


--
Hilton Gibson
Systems Administrator
JS Gericke Library Room 1025
Stellenbosch University
Private Bag X5036
Stellenbosch
7599
South Africa

Tel: +27 21 808 4100 | Cell: +27 84 646 4758

"Simplicity is the ultimate sophistication"
        Leonardo da Vinci


------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech

Reply via email to