How to set up Apache Web server access control

If you're hoping to allow or deny Apache Web server access based on IP address, check out this expert response from Randall Gamby.

I'm in the process of configuring Apache Web server access control to restrict access based on the host address of the box requesting access. Can you offer any best practices on how I should go about this?

I recommend that you follow the steps outlined below from the Apache website to learn how to set up Apache Web server access control:

Basically, the instructions call for setting up a "black list," or "restricted from access" set of rules. While this will work, keep in mind that the issue with black lists is they tend to become outdated as new threats emerge. While this is one way to restrict access, another more secure way is to use a Web access management (WAM) product in front of the Apache server. This allows access to be managed based on a "white list," or only those users authorized to access the Web server. A WAM can provide single sign-on, while also having less of an impact on your security infrastructure, since access is granted as needed, instead of denied as needed.

A WAM can also provide access to multiple Apache servers from a single domain, reducing administrative costs. Since the Apache Web server is most likely Internet facing, front-ending it with a WAM will reduce your risk of attack, since the WAM provides more powerful authentication and control tools.

This was last published in June 2010

Dig Deeper on Web authentication and access control

All
News
Get Started
Evaluate
Manage
Problem Solve

Related Q&A from Randall Gamby

How has enterprise SSO technology evolved?

Enterprise SSO products have matured over the years, so what's the state of eSSO today? Expert Randall Gamby discusses. Continue Reading

The FIDO authentication framework: What do enterprises need to know?

Enterprises need a full understanding of the FIDO authentication framework before switching to its technology. Expert Randall Gamby looks at the most... Continue Reading

Which is safer: an HSM appliance or a virtual appliance?

A self-managed HSM appliance may be the safer external key management system to use with your organization's encryption keys. Here's why. Continue Reading

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

SearchCloudSecurity

How to deploy deep packet inspection in the cloud

Despite privacy concerns about deep packet inspection, it can help improve cloud network security for enterprises. Expert Frank ...

The security implications of serverless cloud computing

Cloudflare Workers is new for serverless cloud computing and introduces benefits and drawbacks for security professionals. Expert...

How to build a cloud security strategy after migration

Enterprises can face an array of issues when they migrate to the cloud. Learn about three of the main challenges and how to ...

SearchNetworking

What you need to know about intent-based networks

This compilation explores five pertinent questions about intent-based networking, including those about its benefits, why ...

SD-WAN cost savings hinge on underlying WAN technologies

SD-WAN marketing almost always mentions the benefit of cost savings. Cut through the hype and discover how SD-WAN works with MPLS...

Wireless network configuration basics: 5 steps to follow

Different wireless networks have different requirements. However, some common principles exist for strategizing your wireless ...

SearchCIO

BPM tools mitigate business disruption amid digital transformation

A major challenge in digital transformation is avoiding harmful disruption to the business while doing the work of creating a new...

Next-gen RPA bots automating job roles, not just tasks

Robotic software is moving beyond automating tasks to automating big pieces of certain job positions. Case in point: Automation ...

How AI cybersecurity thwarts attacks -- and how hackers fight back

IT leaders are using AI to take security to the next level. But how much security can AI provide? David Petersson examines where ...

SearchEnterpriseDesktop

5 Windows 10 security settings to tweak

Desktop security is crucial, and the default settings of Windows 10 can leave organizations vulnerable. Here are a few changes to...

New Zoho office application software includes AI feature Zia

Zoho's next generation office application software seeks to integrate business groups to contextualize the workplace with AI, ...

What IT needs to know about Windows 10 update troubleshooting

The Windows update process can cause a whole slew of problems for users and IT. Get acquainted with these Windows 10 update ...

SearchCloudComputing

Automation drives next wave of multi-cloud management tools

The current cloud landscape indicates a clear need for management tools that can span multiple platforms -- and they'll likely ...

Google Cloud Services Platform presses hybrid cloud agenda

Google has pushed its Cloud Services Platform for hybrid computing into beta. The software is based on Google Kubernetes Engine ...

Compare tools for multi-cloud Kubernetes management

For IT teams that need to manage Kubernetes deployments that span multiple cloud platforms, here are seven tools intended to ...

ComputerWeekly.com

Higher wages for IT professionals in Australia and New Zealand, but diversity issues remain

The talent crunch in Australia and New Zealand has pushed up wages in the IT sector, but more work is needed to foster workplace ...

AWS and Greenpeace at war over claims cloud giant has ‘turned its back’ on renewable energy pledge

Amazon Web Services hits back at Greenpeace for suggesting it has 'turned its back' on powering its cloud with renewable energy, ...

Backup product approaches vary as they take aim at the cloud

Use of the public cloud for backup data is something all the backup software suppliers provide, but implementations range from ...

Dig Deeper on Web authentication and access control

Related Q&A from Randall Gamby

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.