HPE Community
Operating System - HP-UX
1837900 Members
3130 Online
110123 Solutions
New Discussion

inetd.sec

 
Matt Walls
Advisor

‎10-25-2000 10:32 AM

‎10-25-2000 10:32 AM

inetd.sec

I have a web server listening on port 7500. what i want to do is deny certain i.p. addresses from using that port.
i defined the service in /etc/services, and i have entered the service name and i.p. address to deny.

however, i can still connect to the port.

i.e. http://whatever:7500

any ideas would be appreciated.

Thank you
0 Kudos
Reply
8 REPLIES 8
Rita C Workman
Honored Contributor

‎10-25-2000 10:35 AM

‎10-25-2000 10:35 AM

Re: inetd.sec

One question if you did your 'deny' correct...did you remember to recyle inetd.??

Just a thought,
0 Kudos
Reply
Kofi ARTHIABAH
Honored Contributor

‎10-25-2000 10:40 AM

‎10-25-2000 10:40 AM

Re: inetd.sec

Matt:

If your webserver is not started from within inetd (ie if it is in standalone mode) then inetd.sec cannot control access to it. however, you can set up .htaccess files in the "root" of the webserver hierarchy that denies that IP:

1. Create a file called .htaccess in your documents_home directory. the file should contain:

deny from bad.bad.machine.com
allow from all

AuthUserFile authusr.pwd
AuthGroupFile /dev/null
AuthName "Privileged Member"
AuthType Basic


require valid-user

satisfy any

===================
check the documentation of apache for more information on htaccess

If you want to absolutely control it from within inetd.sec, then you have to set up your webserver to be started by inetd.conf
nothing wrong with me that a few lines of code cannot fix!
0 Kudos
Reply
Matt Walls
Advisor

‎10-25-2000 10:48 AM

‎10-25-2000 10:48 AM

Re: inetd.sec

yes i have tried restarting with inetd -c

we are using an oracle web server, not apache. is there a similiar function?

also, what are the benefits/disadvantages of starting and stopping the web server with inetd?

thanks again
0 Kudos
Reply
Andreas Voss
Honored Contributor

‎10-25-2000 10:55 AM

‎10-25-2000 10:55 AM

Re: inetd.sec

Hi,

have you entered the deny ip addresses in one line at inetd.sec ?
There must not be any line break or line continue with
Reagards
0 Kudos
Reply
Kofi ARTHIABAH
Honored Contributor

‎10-25-2000 10:57 AM

‎10-25-2000 10:57 AM

Re: inetd.sec

Yes, Matt, there must be similar functionality in the Oracle webserver... it is a standard means of restricting access to whole directories (look for security and access restriction) in your oracle webserver documentation.

I tend to prefer to have the webserver be standalone - when started from within inetd, every time a hit comes on port 7500, inetd wakes up and invokes a new instance of the webserver to service the request (potentially 2 steps). However, if started as a standalone, a new instance of the server is started, only if there isn't an idle one currently running.
nothing wrong with me that a few lines of code cannot fix!
0 Kudos
Reply
Bill Thorsteinson
Honored Contributor

‎10-30-2000 03:39 PM

‎10-30-2000 03:39 PM

Re: inetd.sec

Depending on the version of Oracle you are running the web server may be a modified version of Apache. Newer versions (not sure when they switched) use Apache with modifications. Oracle are releasing some of their enhancements back to the open source world.
0 Kudos
Reply
Philip Chan_1
Respected Contributor

‎10-30-2000 05:17 PM

‎10-30-2000 05:17 PM

Re: inetd.sec

Matt,

As you machine boots up just make sure the webserver will not be started automatically. I think you also have to take out the "--daemon" parameter for the webserver entry in the inetd.conf file, then your security entries in inetd.sec should come into effect.

If your webserver will be a busy one, then I would agree that the standalone server approach is more appropriate.
0 Kudos
Reply
Philip Chan_1
Respected Contributor

‎10-30-2000 05:17 PM

‎10-30-2000 05:17 PM

Re: inetd.sec

Matt,

As you machine boots up just make sure the webserver will not be started automatically. I think you also have to take out the "--daemon" parameter for the webserver entry in the inetd.conf file, then your security entries in inetd.sec should come into effect.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.