How to set up Apache Web server access control

If you're hoping to allow or deny Apache Web server access based on IP address, check out this expert response from Randall Gamby.

I'm in the process of configuring Apache Web server access control to restrict access based on the host address of the box requesting access. Can you offer any best practices on how I should go about this?

I recommend that you follow the steps outlined below from the Apache website to learn how to set up Apache Web server access control:

Basically, the instructions call for setting up a "black list," or "restricted from access" set of rules. While this will work, keep in mind that the issue with black lists is they tend to become outdated as new threats emerge. While this is one way to restrict access, another more secure way is to use a Web access management (WAM) product in front of the Apache server. This allows access to be managed based on a "white list," or only those users authorized to access the Web server. A WAM can provide single sign-on, while also having less of an impact on your security infrastructure, since access is granted as needed, instead of denied as needed.

A WAM can also provide access to multiple Apache servers from a single domain, reducing administrative costs. Since the Apache Web server is most likely Internet facing, front-ending it with a WAM will reduce your risk of attack, since the WAM provides more powerful authentication and control tools.

This was last published in June 2010

This Content Component encountered an error

Related Q&A from Randall Gamby

How has enterprise SSO technology evolved?

Enterprise SSO products have matured over the years, so what's the state of eSSO today? Expert Randall Gamby discusses. Continue Reading

The FIDO authentication framework: What do enterprises need to know?

Enterprises need a full understanding of the FIDO authentication framework before switching to its technology. Expert Randall Gamby looks at the most... Continue Reading

Which is safer: an HSM appliance or a virtual appliance?

A self-managed HSM appliance may be the safer external key management system to use with your organization's encryption keys. Here's why. Continue Reading

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

SearchCloudSecurity

What Microsoft's InPrivate Desktop feature could mean for enterprises

Microsoft's secretive, potential new feature InPrivate Desktop could give security teams access to disposable sandboxes. Expert ...

CCSP Domain 6: Cloud computing regulations and legal issues

This Security School will help you prepare for Domain 6 of the CCSP exam, "Legal and Compliance," which covers cloud computing ...

Can you ace this quiz on cloud computing privacy issues?

Consumers and enterprises are increasingly concerned about data privacy -- with good reason -- and cloud computing introduces a ...

SearchNetworking

How 3 benefits of SDN can help small businesses

As SDN matures and evolves from its original definition, it's getting harder for small businesses to ignore the benefits of SDN, ...

NetOps, SecOps, DevOps concepts merge to automate security testing

By adopting DevOps concepts, network teams can automate security testing. But, as development, network and security tasks mingle,...

Cisco layoffs mark Customer Experience restructuring

Cisco is laying off hundreds of employees as it restructures its Customer Experience unit led by new-hire Maria Martinez. The ...

SearchCIO

How automating feature engineering can help data scientists

Feature Labs CEO Max Kanter explains how automating feature engineering for machine learning can help data scientists and why ...

5 'technology enablers' key to Travelport's digital transformation plan

Travelport CIO Matt Minetola details the five 'technology enablers' key to the success of the company's digital transformation ...

Data analytics projects need structure, says Avis analytics exec

In this Q&A, Avis' Ashok Kumar made one thing clear for CIOs: Before they touch an AI project, they need to get their data house ...

SearchEnterpriseDesktop

Use IT help desk tools to track, resolve and prevent IT incidents

The software that manages the IT help desk must allow admins to track, monitor and resolve incidents to optimize the benefits ...

Get to know third-party Windows 10 migration tools

IT professionals should look to third-party migration tools during a transition to Windows 10 to provide any features that the ...

5 steps to escape from Windows boot loop hell

A Windows reboot loop is a vicious and frustrating cycle, but there are ways you can fix the problem, including booting in Safe ...

SearchCloudComputing

Cloud-based quantum computing inches slowly toward enterprise

A lot of questions -- and complexity -- still surround quantum computing. But as enterprises eventually ramp up with the ...

Cloud cost management tools heat up with Apptio sale

Why does private equity firm Vista Equity Partners want to pay nearly $2 billion for IT spend analytics vendor Apptio? Here's a ...

Break down the main features of Azure DevOps Services

DevOps continues to influence how vendors shape their cloud offerings, and this was the case behind Microsoft's recent rebranding...

ComputerWeekly.com

Sweden’s central bank to test digital currency

Riksbank e-krona initiative follows government plan for a cashless society by 2030

TeenTech partners with DCMS to reach young people in new areas

After 10 years in operation, social enterprise links up with government department and Local Digital Skills Partnership to reach ...

Broadband voucher scheme to end early thanks to high demand

The government has urged small business owners to consider signing up for its ultrafast broadband connection voucher scheme ...

How to set up Apache Web server access control

If you're hoping to allow or deny Apache Web server access based on IP address, check out this expert response from Randall Gamby.

Related Q&A from Randall Gamby

How has enterprise SSO technology evolved?

The FIDO authentication framework: What do enterprises need to know?

Which is safer: an HSM appliance or a virtual appliance?

Have a question for an expert?

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

What Microsoft's InPrivate Desktop feature could mean for enterprises

CCSP Domain 6: Cloud computing regulations and legal issues

Can you ace this quiz on cloud computing privacy issues?

SearchNetworking

How 3 benefits of SDN can help small businesses

NetOps, SecOps, DevOps concepts merge to automate security testing

Cisco layoffs mark Customer Experience restructuring

SearchCIO

How automating feature engineering can help data scientists

5 'technology enablers' key to Travelport's digital transformation plan

Data analytics projects need structure, says Avis analytics exec

SearchEnterpriseDesktop

Use IT help desk tools to track, resolve and prevent IT incidents

Get to know third-party Windows 10 migration tools

5 steps to escape from Windows boot loop hell

SearchCloudComputing

Cloud-based quantum computing inches slowly toward enterprise

Cloud cost management tools heat up with Apptio sale

Break down the main features of Azure DevOps Services

ComputerWeekly.com

Sweden’s central bank to test digital currency

TeenTech partners with DCMS to reach young people in new areas

Broadband voucher scheme to end early thanks to high demand

Related Resources

Related Q&A from Randall Gamby

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.