On Tuesday 08 September 2009 06:08:28 pm Cristian Rodríguez wrote:
Options -Indexes +FollowSymLinks AllowOverride AuthConfig Options FileInfo Limit # Address rewrite for secure connection in not local <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond %{REMOTE_ADDR} !^192\.168\.6\. RewriteCond %{HTTPS} !=on RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L] </IfModule> # Authenticate if not local No, If you aim to determine what "local access" is by providing a regular expression that matches a certain subnet, you will D.o.S yourself sooner or later, IP based access policies are the wrong thing to do.
Hmm, That's good to know. I took the example from the www.apache.org manual, so I thought I was safe. What is the right access policy approach to make sure I don't D.o.S myself?/ -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org