How to set up Apache Web server access control

If you're hoping to allow or deny Apache Web server access based on IP address, check out this expert response from Randall Gamby.

Randall Gamby, HP

I'm in the process of configuring Apache Web server access control to restrict access based on the host address of the box requesting access. Can you offer any best practices on how I should go about this?

I recommend that you follow the steps outlined below from the Apache website to learn how to set up Apache Web server access control:

Basically, the instructions call for setting up a "black list," or "restricted from access" set of rules. While this will work, keep in mind that the issue with black lists is they tend to become outdated as new threats emerge. While this is one way to restrict access, another more secure way is to use a Web access management (WAM) product in front of the Apache server. This allows access to be managed based on a "white list," or only those users authorized to access the Web server. A WAM can provide single sign-on, while also having less of an impact on your security infrastructure, since access is granted as needed, instead of denied as needed.

A WAM can also provide access to multiple Apache servers from a single domain, reducing administrative costs. Since the Apache Web server is most likely Internet facing, front-ending it with a WAM will reduce your risk of attack, since the WAM provides more powerful authentication and control tools.

This was last published in June 2010

How to set up Apache Web server access control

If you're hoping to allow or deny Apache Web server access based on IP address, check out this expert response from Randall Gamby.

Dig Deeper on Web authentication and access control

Tomcat vs. JBoss: Compare features of these Java app servers

web server

Tomcat vs. Apache HTTP Server: What's the difference?

How to deploy a JAR file to Tomcat the right way

Related Q&A from Randall Gamby

Manage unsuccessful login attempts with account lockout policy

For minimum password length, are 14-character passwords sufficient?

How has enterprise SSO technology evolved?

SearchCloudSecurity

Google forms cyber insurance pact with Allianz, Munich Re

Dispelling 4 of the top cloud security myths today

Guide to cloud security management and best practices

SearchNetworking

Cisco completes $4.5 billion Acacia deal

5 steps to conduct network penetration testing

5 benefits of Wi-Fi 6 for enterprise networks

SearchCIO

Racial, gender diversity in tech improving at a glacial pace

The future of trust must be built on data transparency

What are the advantages and disadvantages of RPA?

SearchEnterpriseDesktop

Microsoft makes Productivity Score useful to tech buyers

Microsoft makes Universal Print generally available

Microsoft bolsters data security in 365

SearchCloudComputing

Microsoft ACS going GA with preview of Teams integration

Modernize and migrate mainframe apps to the cloud

How to create snapshots for Azure VMs and managed disks

ComputerWeekly.com

T-Mobile targets post-pandemic workplace with remote working suite

Connectivity the ‘unsung hero’ of the future of work

Williams F1 car launch disrupted by data leak