On Wed, Jun 4, 2014 at 2:55 PM, MM wrote:
> Hi,
>
> I run a personal https at home with no official certificate. The hostname I
> use is a dynamic dns hostname.
> Apache/2.4.9 OpenSSL/1.0.1e-fips PHP/5.5.12 SVN/1.8.8 mod_perl/2.0.9-dev
> Perl/v5.18.2
>
>
> On ssl_request I see a couple of entries like this:
>
> TLSv1 DHE-RSA-AES256-SHA "GET /vtigercrm/ HTTP/1.1" 287
> TLSv1 DHE-RSA-AES256-SHA "GET /vtigercrm/vtigerservice.php HTTP/1.1" 304
> TLSv1 DHE-RSA-AES256-SHA "GET
> /vtigercrm/graph.php?current_language=../../../../../../../..//etc/elastix.conf%00&module=Accounts&action
> HTTP/1.1" 296
> TLSv1 DHE-RSA-AES256-SHA "GET /vtigercrm/ HTTP/1.1" 287
>
> from undesired clients.
>
> Is there a way to limit the IPs of clients that http/https queries can come
> from?
Would this help?
http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow
There is also fail2ban. And you could setup your firewall to restrict
which IPs can reach server on the proper port
-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
