Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

mod_jk and Apache Directory directives

Status
Not open for further replies.
sedell

sedell

Programmer
Apr 5, 2005
5
US
I've run into a configuration problem with Apache using mod_jk to connect to tomcat. I have Apache set up running virtual hosts forwarding the requests to Tomcat. On one of the virtual hosts, I want to block an IP address, but can't get it to work. Here's the relevant config:

<VirtualHost *:80>
ServerName ServerAlias beta.domain.com, domain.com, 192.168.1.16
DocumentRoot D:/Apache/Apache2/htdocs/
ErrorLog logs/ LogLevel warn
CustomLog logs/ combined

<Directory />
Order Deny,Allow
Deny from 192.168.1.50
Allow from all

Options FollowSymLinks
AllowOverride none
</Directory>
<Directory "/dbadmin/">
Options FollowSymLinks
AllowOverride AuthConfig
</Directory>
JkMount /* ajp13
JkUnMount /dbadmin* ajp13
</VirtualHost>

I can't get the deny from 192.168.1.50 to work. I suspect it has to do with mod_jk and the JKMount /* directive, but I'm not certain. Do the Apache directives not work, instead letting Tomcat handle it due to the way it's mounted?
 
Sort by date Sort by votes
sedell,

Two things come to mind here.

1. Are you trying to block all access from a specific IP? If so, you should probably move the <Directory> container out of the VirtualHost into your main httpd.conf.

If not, you should specify in the <Directory> container the specific directory that you want to deny access to.

2. The general best practice for the Order directive is to apply the most general permission first, and the exceptions afterwards. In your case, this would translate to
Code: 
Order Deny,Allow
Allow from all
Deny from 192.168.1.50


Wishdiak
A+, Network+, Security+, MCSA: Security 2003
 
Upvote 0 Downvote
Thanks for the reply.

I tried specifying this in the default Directory container - that didn't work. I also tried the Directory container for the document root, and that didn't work either.

I'm wondering if the Directory directives even work with the requests being passed off to Tomcat.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

AbidingDude
  • Locked
  • Question
Newbie Apache Cache Question
Replies
5
Views
241
AbidingDude
AbidingDude
MCP2000
  • Locked
  • Question
CentOS 6.9, LDAP, Vault, Active Directory
Replies
0
Views
86
MCP2000
MCP2000
SamBones
  • Locked
  • Question
CentOS 7 and Putty
Replies
2
Views
160
SamBones
SamBones
daniel.warner
  • Locked
  • Question
Desperately need help setting up wildcard certs on Apache/Tomcat
Replies
2
Views
175
daniel.warner
daniel.warner
Frank DBA
  • Locked
  • Question
Apache XForwardedFor Header
Replies
1
Views
116
RhythmAce
RhythmAce

Part and Inventory Search

Sponsor

Back
Top