Date: | Mon, 9 Apr 2012 09:41:28 -0500 |
Hi,
After so many unsuccessful attempts at restricting and allowing a specified
domain's access to my vhost, I tried the firewall. The firewall did not
work. Not sure where I messed it up. See below: the port 80 REJECT ip_address
rule wasn't working. That IP address was my laptop:
HTTP:
<Virtualhost *:80>
DirectoryRoot ...
ServerName terrynt.server.com
<Directory "/www/mysite/test">
Options Indexes FollowSymLinks
AllowOverride None
AuthUser Basic
AuthName "Enter Passowrd"
AuthUserFile /path/to/.password
Require valid-user
Order allow,deny
Allow from badguy.com
Deny from ALL
</Directory>
</Virtualhost>
----------------------------------------------------------
FIREWALL:
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth+ -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth+ -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -s 192.168.1.xyz --dport 80 -j REJECT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i eth+ -j ACCEPT
-A FORWARD -o eth+ -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
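
The INPUT chain above evaluated in order, as an added example that is not part of the original post: iptables acts on the first matching rule with a terminating target, so this sketch reports which rule a new port-80 connection from the laptop hits, before and after moving the REJECT rule ahead of `-i eth+ -j ACCEPT`. The address 192.168.1.50 (a constructed stand-in for the redacted one), arrival on eth0, and all function names are assumptions.

```python
import ipaddress

# INPUT chain as posted, in order. 192.168.1.50 is a constructed stand-in for
# the redacted 192.168.1.xyz; arrival on eth0 is an assumption.
RULES = """\
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth+ -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -s 192.168.1.50 --dport 80 -j REJECT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
""".splitlines()
LAPTOP_SYN = {"iface": "eth0", "proto": "tcp", "src": "192.168.1.50",
              "dport": 80, "state": "NEW"}

def parse(line):
    """Keep only the match options and target that this sketch understands."""
    tok = line.split()
    return {t.lstrip("-"): tok[i + 1] for i, t in enumerate(tok[:-1])
            if t in ("-i", "-p", "-s", "-j", "--state", "--dport")}

def matches(rule, pkt):
    """True when every condition present in the rule matches the packet."""
    iface = rule.get("i", "+")  # "+" alone matches any interface name
    return all((
        pkt["iface"].startswith(iface[:-1]) if iface.endswith("+") else pkt["iface"] == iface,
        rule.get("p", pkt["proto"]) == pkt["proto"],
        "s" not in rule or ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule["s"]),
        int(rule.get("dport", pkt["dport"])) == pkt["dport"],
        "state" not in rule or pkt["state"] in rule["state"].split(","),
    ))

def first_match(lines, pkt):
    """Return (1-based position, target) of the first rule that matches."""
    for pos, line in enumerate(lines, 1):
        rule = parse(line)
        if matches(rule, pkt):
            return pos, rule["j"]
    return None, "ACCEPT"  # fall through to the chain policy (:INPUT ACCEPT)

def move_before(lines, src_pos, dst_pos):
    """Return a copy with rule src_pos relocated to position dst_pos."""
    out = list(lines)
    out.insert(dst_pos - 1, out.pop(src_pos - 1))
    return out

if __name__ == "__main__":
    print(first_match(RULES, LAPTOP_SYN))
    print(first_match(move_before(RULES, 6, 4), LAPTOP_SYN))
```

On a live host, `iptables -L INPUT -n -v --line-numbers` shows the same ordering along with per-rule packet counters, which confirms which rule is actually taking the traffic.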