[NTLUG:Discuss] Re: allow http request only

Kyle_Davenport@compusa.com Kyle_Davenport at compusa.com
Thu Nov 8 09:13:15 CST 2001


> How do I allow all http (on port 80) requests but nothing else in
> /etc/hosts.allow and /etc/hosts.deny?  I have checked man hosts.allow and
> hosts.deny, have no idea. (not smart enough to understand it.)

There are some good examples in the man page.  Here's another:

hosts.allow:
ALL  : LOCAL
ALL  : 192.168.1.0/24
httpd   : ALL
sshd : ALL
in.ftpd : ALL

hosts.deny:
ALL  : ALL

And no, it's not true that only inetd services use those files.
Other services can use them if they've been specifically programmed for it.
But if they do, they will mention it in the docs.  RedHat-chosen packages are
particularly good about using this facility.

httpd also can be made to use it, if it is run as an inetd service - which
is not a bad idea if the web server is used only occasionally.

Indeed, whenever possible, stick your remote services in inetd.conf and it will
give you another layer of security - on top of the other ones which you _surely_
have!  ;^).
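
How the two files in the post above are evaluated, as an added example that is not part of the original post: a simplified Python model of the hosts_access(5) decision order (a match in hosts.allow grants, otherwise a match in hosts.deny refuses, otherwise access is granted). The client addresses and host names are constructed, only the ALL, LOCAL, exact-host and net/mask patterns are modelled, and acceptance of the /24 prefix form is an assumption taken from the post's rule.

```python
import ipaddress

# Rules copied from the post; client addresses and names used with them are constructed.
HOSTS_ALLOW = """\
ALL  : LOCAL
ALL  : 192.168.1.0/24
httpd   : ALL
sshd : ALL
in.ftpd : ALL
"""
HOSTS_DENY = "ALL  : ALL\n"

def parse(text):
    """Return [(daemon_list, client_list)] for each 'daemons : clients' line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        daemons, clients = line.split(":")[:2]  # optional third field is ignored
        rules.append((daemons.replace(",", " ").split(), clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, addr, name):
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":   # any host whose name contains no dot
        return name is not None and "." not in name
    if "/" in pattern:       # net/mask pair (prefix length assumed to be accepted)
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    return pattern in (addr, name)  # exact host name or address only

def table_matches(rules, daemon, addr, name):
    """True if any rule in one table matches this (daemon, client) pair."""
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(client_matches(c, addr, name) for c in clients)
        for daemons, clients in rules)

def access(daemon, addr, name=None, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow match grants; else hosts.deny match refuses; else access is granted."""
    if table_matches(parse(allow), daemon, addr, name):
        return "allow"
    if table_matches(parse(deny), daemon, addr, name):
        return "deny"
    return "allow"
```

With an empty hosts.deny the last branch grants everything, which is why the `ALL : ALL` line is what turns hosts.allow into a whitelist. The result only applies to daemons that are started through tcpd or built to consult these files.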






