How to set up Apache Web server access control

If you're hoping to allow or deny Apache Web server access based on IP address, check out this expert response from Randall Gamby.

Randall Gamby, HP

I'm in the process of configuring Apache Web server access control to restrict access based on the host address of the box requesting access. Can you offer any best practices on how I should go about this?

I recommend that you follow the steps outlined below from the Apache website to learn how to set up Apache Web server access control:

Basically, the instructions call for setting up a "black list," or "restricted from access" set of rules. While this will work, keep in mind that the issue with black lists is they tend to become outdated as new threats emerge. While this is one way to restrict access, another more secure way is to use a Web access management (WAM) product in front of the Apache server. This allows access to be managed based on a "white list," or only those users authorized to access the Web server. A WAM can provide single sign-on, while also having less of an impact on your security infrastructure, since access is granted as needed, instead of denied as needed.

A WAM can also provide access to multiple Apache servers from a single domain, reducing administrative costs. Since the Apache Web server is most likely Internet facing, front-ending it with a WAM will reduce your risk of attack, since the WAM provides more powerful authentication and control tools.

This was last published in June 2010

How to set up Apache Web server access control

If you're hoping to allow or deny Apache Web server access based on IP address, check out this expert response from Randall Gamby.

Dig Deeper on Web authentication and access control

Tomcat vs. Apache HTTP Server: What's the difference?

How to deploy a JAR file to Tomcat the right way

How does Amazon WAM manage WorkSpaces apps?

Amazon WorkSpaces

Related Q&A from Randall Gamby

For minimum password length, are 14-character passwords sufficient?

How has enterprise SSO technology evolved?

The FIDO authentication framework: What do enterprises need to know?

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

Privacy-preserving machine learning assuages infosec fears

How Azure, AWS, Google handle data destruction in the cloud

Multi-cloud security strategies rely on visibility, uniformity

SearchNetworking

How the cloud fractures application delivery infrastructure ops

Why network configuration templates are useful in automation

An automation-first approach enables network predictability

SearchCIO

Return-to-office plans stress safety, security, collaboration

6 cognitive automation use cases in the enterprise

5 digital transformation strategies embracing the new normal

SearchEnterpriseDesktop

Citrix microapps look to ease office reopening

VMware Workspace One unifies reshaped digital workforces

Macs to run on Apple silicon, leaving Intel behind

SearchCloudComputing

Review the top sessions from recent cloud conferences

Test your cloud knowledge: VMs vs. containers vs. serverless

Cloud lock-in fears aren't as prevalent as you might think

ComputerWeekly.com

Cops take out encrypted comms to disrupt organised crime

Between a cloud and a hard place: companies change applications tack

IR35 private sector reforms: Finance Bill vote denies further delays to April 2021 start date