Ask the Expert

How to set up Apache Web server access control

I'm in the process of configuring Apache Web server access control to restrict access based on the host address of the box requesting access. Can you offer any best practices on how I should go about this?

    Requires Free Membership to View

I recommend that you follow the steps outlined below from the Apache website to learn how to set up Apache Web server access control:

Basically, the instructions call for setting up a "black list," or "restricted from access" set of rules. While this will work, keep in mind that the issue with black lists is they tend to become outdated as new threats emerge. While this is one way to restrict access, another more secure way is to use a Web access management (WAM) product in front of the Apache server. This allows access to be managed based on a "white list," or only those users authorized to access the Web server. A WAM can provide single sign-on, while also having less of an impact on your security infrastructure, since access is granted as needed, instead of denied as needed.

A WAM can also provide access to multiple Apache servers from a single domain, reducing administrative costs. Since the Apache Web server is most likely Internet facing, front-ending it with a WAM will reduce your risk of attack, since the WAM provides more powerful authentication and control tools.

This was first published in June 2010

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: