This content has been marked as final. Show 4 replies
You can do something like
Allow from all (now all host are allowed)
Deny from somewhere.com (someone who comes from someone.com is not allowed)
When using this in a location directive, you can, for example, deny access to everything
Now every site is denied (not very handy of course), but you can then at restriction by defining new locations
<Location /> AllowOverride None Order deny,allow Deny from all </Location>
From a security point of view it is also wise to restrict your directories, for example,
<Location /somelocation> AllowOverride None Order allow,deny Allow from all Deny from somewhere.com </Location>
and then put in some exceptions as was done in the example above. Some more tips are provided here: http://middlewaremagic.com/weblogic/?p=6872 (and the references there-in)
<Directory /> Options FollowSymLinks AllowOverride None Order deny,allow Deny from all </Directory>
Thanks a lot for your reply.
Probably I didn't mention the issue clearly. We do not want to block any client IP/hostname.
What we want to achieve is:
1. Our OAS server has two hostname: one is for external hostname for access via internet; another is the local hostname in LAN.
2. We need to restrict the access to the AdminConsole (under /opa46 location) via external hostname. But the access via local hostname will be enabled.
3. Other application locations on this server will not be restricted.
So what we can do this on OHS?
Edited by: 996204 on 2013-3-26 上午4:55
BTW, our OAS version is 10.2.0.2.
If I understand correctly, the admin URL must only be reached from localhost. Then you can do something like:
More info can be found here: http://httpd.apache.org/docs/1.3/ (http://httpd.apache.org/docs/1.3/howto/auth.html#access)
<Location /opa46> AllowOverride None Order deny,allow Deny from all Allow from hostname of from where the admin url will be reached </Location>