2

I use Apache's mod_info to display detailed information about my server setup.

httpd-vhosts.conf

# Set path below to be handled by mod_info. It will show server info. # For this to work, this module must be loaded (uncommented in httpd.conf) <Location /special/path> SetHandler server-info Order allow,deny Allow from 127.0.0.1 </Location>

Allow from is set to the local machine because this is on my dev machine.

This module allows me to see a tremendous amount of information by navigating to /special/path. I'd like to use it on my public server but need to secure it somehow so others cannot load that path.

The docs discuss whitelisting by IP address but I have an organizational IP, shared by many.

What's the most practical way to protect this path? Apache 2.4.16

Improve this question

2 Answers 2

Reset to default
4

You're not limited to setting IP access controls, you can also use any other access control that is allowed in a <Location> scope, or combination thereof. So use the RequireAll directive to require both a specific IP-address and set up authentication and require a specific login. 

<Location /special/path> SetHandler server-info AuthType Basic AuthName "Restricted Access To Special Location" AuthBasicProvider file AuthUserFile "/usr/local/apache/passwd/passwords" <RequireAll> Require ip 10.252.46.165 Require user BeetleJuice </RequireAll> </Location>
Improve this answer
3
  • If you can, please elaborate just a bit. (1) how will server know that BeetleJuice is connecting and how will it check/verify password? (2) Where does this directive go relative to <Location>? Is it a child node (ie. within the location tags). Commented Sep 14, 2016 at 4:58
  • httpd.apache.org/docs/2.4/howto/auth.html Commented Sep 14, 2016 at 5:00
  • Thank you. Will study that document later in the day and try to apply it. Commented Sep 14, 2016 at 5:02
2

Set it to only be available on 127.0.0.1, and then access it via an ssh tunnel.

Improve this answer
1
  • I can access webpage via SSH tunnel? Would you show one example please? And does that mean SSH connection doesn't see my remote IP? I ask because in the logs I can see the IP I"m connecting to SSH from Commented Sep 14, 2016 at 3:52

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.