[ale] apache question.. slightly OT

Armsby John-G16665 John.Armsby at motorola.com
Mon Sep 10 18:46:55 EDT 2001





The Web site is behind a corporate firewall.  I get about 1500 hits a day.... not much. If I keep adding subnets to the allow from in the apache httpd.conf file, at what point will apache complain that there are too many?  10?, 15? 20?


Thanks for your advice,


John



-----Original Message-----
From: greg at turnstep.com [mailto:greg at turnstep.com]
To: ale at ale.org
Sent: Monday, September 10, 2001 4:45 PM
To: ale at ale.org
Subject: Re: [ale] apache question.. slightly OT





-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


| I found this on the internet....
| <Location /protected>
|         order deny,allow
|         deny from all
|         allow from .friendly.com
|       </Location>
|  
| Do I have to enable DNS lookup somewhere?  Do I have 
| to turn HostNameLookup ON?   


No and no. If you put a host name in an allow/deny directive, 
it looks up the hostname, regardless of the HostNameLookup 
setting.


Keep in mind that it will definitely cause a performance penalty, 
as every single IP that comes in must be looked up. In general, 
it's better to use IP numbers, even if it is a long list. 
However, if the "protected location" is not widely publically 
available, then you can probably get away with it depending on 
how high the traffic is. I'd go with the IP numbers myself: they 
can't be changing *that* often (one hopes :)


Greg Sabino Mullane
greg at turnstep.com
PGP Key: 0x14964AC8 200109101641


-----BEGIN PGP SIGNATURE-----
Comment: http://www.turnstep.com/pgp.html


iQA/AwUBO50l1bybkGcUlkrIEQK+UwCfXhwWGpMd8U+JDXJu3vtBqS/AuxAAniIU
FFOecGnpsgm74UEjJLI1BQ84
=yOzz
-----END PGP SIGNATURE-----


--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.







More information about the Ale mailing list