4 Replies Latest reply: Mar 26, 2013 7:58 AM by René van Wijk

    URGENT - How to deny access to an application location in OHS?

    999207
      Dear Gurus,

      We want to restrict the access using the External Hostname to the location "/opa46", but allow the access using the Local hostname. How can we achieve this in OHS httpd.conf?

      Like:
      Deny => http://www.rdconc.com/opa46/test.htm
      Allow => http://ocasp/opa46/test.htm



      We tried the configuration below, but it didn't work.

      <Location /opa46>
      Order allow,deny
      Allow from All
      AllowOverride None
      # Redirect if not on desired VirtualHost, including upper/lower case attempts:
      RewriteEngine on
      RewriteCond %{HTTP_HOST} !^www\.rdconc\.com [NC,OR]
      RewriteCond %{HTTP_HOST} ^.rdconc\.com [NC]
      RewriteRule ^/(.*) http://www.rdconc.com/error.htm [R]
      </Location>

      Please kindly help.

      Many thanks in advance.

      Regards,

      Tony

      Edited by: 996204 on 2013-3-26 4:25 AM
        • 1. Re: URGENT - How to deny access to an application location in OHS?
          René van Wijk
          http://httpd.apache.org/docs/2.2/howto/access.html

          You can do something like

          Order allow,deny
          # now all hosts are allowed
          Allow from all
          # someone who comes from somewhere.com is not allowed
          Deny from somewhere.com

          When using this in a location directive, you can, for example, deny access to everything
          <Location />
              AllowOverride None
              Order deny,allow
              Deny from all
          </Location>
          Now every site is denied (not very handy of course), but you can then add restrictions by defining new locations
          <Location /somelocation>
              AllowOverride None
              Order allow,deny
              Allow from all
              Deny from somewhere.com
          </Location>
          From a security point of view it is also wise to restrict your directories, for example,
          <Directory />
              Options FollowSymLinks
              AllowOverride None
              Order deny,allow
              Deny from all
          </Directory>
          and then put in some exceptions as was done in the example above. Some more tips are provided here: http://middlewaremagic.com/weblogic/?p=6872 (and the references there-in)
          • 2. Re: URGENT - How to deny access to an application location in OHS?
            999207
            Hi René,

            Thanks a lot for your reply.

            Probably I didn't mention the issue clearly. We do not want to block any client IP/hostname.

            What we want to achieve is:
            1. Our OAS server has two hostnames: one is the external hostname for access via the internet; the other is the local hostname on the LAN.
            2. We need to restrict access to the AdminConsole (under the /opa46 location) via the external hostname. But access via the local hostname will be enabled.
            3. Other application locations on this server will not be restricted.

            So how can we do this on OHS?

            Regards,

            Tony

            Edited by: 996204 on 2013-3-26 4:55 AM
            • 3. Re: URGENT - How to deny access to an application location in OHS?
              999207
              BTW, our OAS version is 10.2.0.2.
              • 4. Re: URGENT - How to deny access to an application location in OHS?
                René van Wijk
                If I understand correctly, the admin URL must only be reached from localhost. Then you can do something like:
                <Location  /opa46>
                    AllowOverride None
                    Order deny,allow
                    Deny from all
                    Allow from hostname from where the admin url will be reached
                </Location>
                More info can be found here: http://httpd.apache.org/docs/1.3/ (http://httpd.apache.org/docs/1.3/howto/auth.html#access)
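
Added example, not part of any reply in this thread: one way to key the restriction on the hostname the request was addressed to, as the question asks, using the same Order/Allow/Deny syntax as the replies. It assumes mod_setenvif is loaded and uses the two hostnames from the question; the variable name opa_local_host is made up for the example.

```apache
# Server-level (outside any <Location>): flag requests whose Host header is
# the local name from the question, with or without a port, in any case.
# opa_local_host is an example variable name, not an OHS built-in.
SetEnvIfNoCase Host "^ocasp(:[0-9]+)?$" opa_local_host

<Location /opa46>
    # deny,allow: Deny directives are evaluated first, then Allow.
    # Everything is denied unless the flag above was set, so
    # www.rdconc.com, the bare IP address and any other name get 403.
    Order deny,allow
    Deny from all
    Allow from env=opa_local_host
</Location>

# Other locations on the server are untouched: the rule applies only to
# URL paths under /opa46.
```

Because the Host header is supplied by the client, this separates the two names but does not by itself keep internet clients away from /opa46. Where that is the goal, the client-address Allow line from reply 4 is the control to rely on.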