HPE Community
Operating System - HP-UX
1754321 Members
2904 Online
108813 Solutions
New Discussion юеВ

inetd.sec

 
SOLVED
Go to solution
lastgreatone
Regular Advisor

тАО10-29-2002 08:57 AM

тАО10-29-2002 08:57 AM

inetd.sec

I may be totally in the wrong forum, but here goes.
I am troubleshooting downgrade performance.
I have noticed a recurring incremental GET requests from a single source (a search engine!) on the IAS (hpux 11.x)
Can I use inetd.sec to deny that specific IP ADDR? or is this an IAS configurable issue? Any feedback is greatly appreciated. TIA
0 Kudos
Reply
5 REPLIES 5
Ken Hubnik_2
Honored Contributor

тАО10-29-2002 09:09 AM

тАО10-29-2002 09:09 AM

Re: inetd.sec

I am not sure what IAS is but you can deny access by ip address in the inetd.sec file. Do a man on inetd.sec and see what services can be defined in this file.
0 Kudos
Reply
lastgreatone
Regular Advisor

тАО10-29-2002 09:56 AM

тАО10-29-2002 09:56 AM

Re: inetd.sec

Well I did a cat on inetd.sec but I believe it's strictly for remote logins. I'm talking web server via port 80. So I guess I'm answering my own question, I should use the internet conf file and deny any request from that specific address, not from the server!
0 Kudos
Reply
Jeff Schussele
Honored Contributor

тАО10-29-2002 10:56 AM

тАО10-29-2002 10:56 AM

Re: inetd.sec

Hi frankie,

Yes you can use inetd.sec to refuse connections for your iPlanet App Server.

You need to deny http from that address - like as follows:

http xxx.xxx.xxx.xxx deny

You can deny by hostname if you can resolve it & of course you can deny by subnet (xxx.xxx.xxx) or even multiple IP/hosts/subnets with white space seperation.
Just remember to bounce inetd (inetd -c) after making changes.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Christopher Caldwell
Honored Contributor

тАО10-29-2002 04:46 PM

тАО10-29-2002 04:46 PM

Solution

Re: inetd.sec

inetd.sec can be responsible for the IP based security of things started by inetd (see inetd.conf).

IAS appears to be a web or application server. Most web servers aren't run by inetd, though every web/application server I've messed with has access control built into the application. I'd look there to deny a specific IP.
Reply
Mihails Nikitins
Super Advisor

тАО10-30-2002 06:27 AM

тАО10-30-2002 06:27 AM

Re: inetd.sec

Hi,

You may prohibit http access to your server on an external firewall (or just ask someone to do it). In this case your server will be free even from denying the requests.

Just my 2 cents.

BR,
Mihails
KISS - Keep It Simple Stupid
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.