On 2019-04-03 11:30, Stuart Henderson wrote:
On 2019-04-03, Fung <[email protected]> wrote:
Apache supports something like
<Directory /web>
Order Allow,Deny
Allow from all
Deny from 1.2.3.4
</Directory>

How to achieve this in OpenBSD's httpd?
We are using OpenBSD 6.4.



There is no built-in simple way.

It can be done by having httpd listen on two different ports,
one allowing access to this directory, the other denying access,
and using a PF rdr-to rule to send traffic to the "allow access"
port if it has the correct source IP address. But this is a bit
of a mess.

I vaguely recall hearing someone (possibly Reyk, several years ago?) mention that relayd can handle access control for httpd, if httpd is listening only on loopback. This seems like overkill, but does fit the "UNIX philosophy" of doing one thing well.

I'm not at all sure it was Reyk, and I'm sure not 100% confident of this solution, but a quick glance at the man pages suggests it's not totally insane, either.

-Adam
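
A sketch of the two-port arrangement Stuart describes, using the 1.2.3.4 address from the question. This is an added example, not configuration posted by anyone in the thread. The port numbers, the loopback address, the table name, the server name and the mapping of the Apache directory to the URL path /web/ are all assumptions.

```conf
# Added example. Ports, addresses, names and the /web/ URL path are assumptions.

# ---- /etc/httpd.conf ----
# "Deny" listener: the public port. Any connection PF does not redirect
# lands here, so the setup fails closed for /web/.
server "default" {
	listen on * port 80
	root "/htdocs"
	location "/web/*" {
		block return 403
	}
}

# "Allow" listener: same document root, no block rule. It is bound to
# loopback so it can only be reached through the rdr-to rule below.
server "default" {
	listen on 127.0.0.1 port 8080
	root "/htdocs"
}

# ---- /etc/pf.conf (fragment) ----
# Sources that must not see /web/.
table <web_denied> const { 1.2.3.4 }

# Baseline: HTTP reaches the "deny" listener on port 80.
pass in on egress inet proto tcp to (egress) port 80

# PF uses the last matching rule: every source outside the table is
# redirected to the "allow" listener instead.
pass in on egress inet proto tcp from ! <web_denied> to (egress) port 80 \
	rdr-to 127.0.0.1 port 8080
```

Both files can be syntax-checked before loading with `httpd -n` and `pfctl -nf /etc/pf.conf`. Because the decision is made on source address only, traffic that bypasses these rules (another address family, another interface) reaches the port 80 listener and is denied /web/.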
