> /etc/hosts.deny /etc/hosts.allow
>
> hosts.deny being notable as one place where you can deny access to your machine
> by particular hosts to particular services. Or deny all services to all hosts.
>
> inetd.conf
>
> inetd listens to ports and starts servers on request
> certain servers should be run standalone (apache,samba)
>

These statements go together; hosts.[deny|allow] only affect services started through inetd. Some standalone services have IP based access control built in. A bit from the Apache User's Manual:

(the following examples go in httpd.conf, inside <Directory> sections)

| In the following example, all hosts in the apache.org domain are
| allowed access; all other hosts are denied access.
|
|     Order Deny,Allow
|     Deny from all
|     Allow from apache.org
|
| In the next example, all hosts in the apache.org domain are allowed
| access, except for the hosts which are in the foo.apache.org subdomain,
| who are denied access. All hosts not in the apache.org domain are
| denied access because the default state is to deny access to the server.
|
|     Order Allow,Deny
|     Allow from apache.org
|     Deny from foo.apache.org
|
| On the other hand, if the Order in the last example is changed to
| Deny,Allow, all hosts will be allowed access. This happens because,
| regardless of the actual ordering of the directives in the configuration
| file, the Allow from apache.org will be evaluated last and will override
| the Deny from foo.apache.org. All hosts not in the apache.org domain will
| also be allowed access because the default state will change to allow.
|
| The presence of an Order directive can affect access to a part of the
| server even in the absence of accompanying Allow and Deny directives
| because of its effect on the default access state. For example,
|
|     <Directory /www>
|     Order Allow,Deny
|     </Directory>
|
| will deny all access to the /www directory because the default access
| state will be set to deny.

The Allow, Deny, and Order directives are provided by the Apache module mod_access.c; a list of installed modules can be printed to STDOUT with the command 'httpd -l'. mod_access.c is a "Base" module, so it is probably installed already.
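
The Order evaluation rules quoted from the manual above, as an added Python sketch that is not part of the original message and is not Apache's own code. It handles only `all` and domain-name specs, as in the quoted examples (no IP or CIDR forms); the function names and the example.com host are constructed for illustration.

```python
"""Model of mod_access Order/Allow/Deny evaluation for a client host name."""

def host_matches(spec, host):
    """'all' matches every host; a domain matches itself and its subdomains."""
    spec, host = spec.lower(), host.lower()
    return spec == "all" or host == spec or host.endswith("." + spec)

def parse_section(text):
    """Return (order, allow_specs, deny_specs) from the directive lines."""
    order, allow, deny = "deny,allow", [], []  # Deny,Allow when no Order is given
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith(("#", "<")):
            continue  # skip blanks, comments and <Directory> tags
        key = words[0].lower()
        if key == "order" and len(words) > 1:
            order = words[1].lower()
        elif key in ("allow", "deny") and len(words) > 2 and words[1].lower() == "from":
            (allow if key == "allow" else deny).extend(words[2:])
    return order, allow, deny

def is_allowed(text, host):
    """Apply the Order semantics; the position of lines in the file is irrelevant."""
    order, allow, deny = parse_section(text)
    allowed = any(host_matches(s, host) for s in allow)
    denied = any(host_matches(s, host) for s in deny)
    if order == "deny,allow":
        # Deny is evaluated first and Allow last, so Allow wins; default is allow.
        return allowed or not denied
    if order == "allow,deny":
        # Allow is evaluated first and Deny last, so Deny wins; default is deny.
        return allowed and not denied
    raise ValueError("unsupported Order: " + order)

# The four configurations from the quoted manual text.
EX1 = "Order Deny,Allow\nDeny from all\nAllow from apache.org"
EX2 = "Order Allow,Deny\nAllow from apache.org\nDeny from foo.apache.org"
EX3 = "Order Deny,Allow\nAllow from apache.org\nDeny from foo.apache.org"
EX4 = "<Directory /www>\nOrder Allow,Deny\n</Directory>"

if __name__ == "__main__":
    # Constructed client host names, one inside and two outside the denied subdomain.
    for name, cfg in (("EX1", EX1), ("EX2", EX2), ("EX3", EX3), ("EX4", EX4)):
        for host in ("www.apache.org", "host.foo.apache.org", "example.com"):
            print(name, host, "allow" if is_allowed(cfg, host) else "deny")
```

Running it shows that EX2 and EX3 differ only in their Order line, yet EX3 admits every host, which is the misconfiguration the manual excerpt warns about.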
