Oracle B12255-01 Manuel D’Utilisation

Authentication and Authorization Enforcement

Oracle HTTP Server Administrator’s Guide

Using host-based access control schemes, you can control access to restricted areas
based on where HTTP requests originate. Oracle HTTP Server uses

and

 to perform host-based access control. mod_access provides

access control based on client hostname, IP address, or other characteristics of the
client request, and mod_setenvif provides the ability to set environment variables
based upon attributes of the request. When you enter configuration directives into
the httpd.conf file that use these modules, the server fulfills or denies requests
based on the address or name of the host, or based on the HTTP request header
contents.

You can use host-based access control to protect static HTML pages, applications, or
components.

Oracle HTTP Server supports four host-based access control schemes:

■

■

■

■

All of these allow you to specify the machines from which access to protected areas
is granted or denied. Your decision to choose one or more of the host-based access
control schemes is determined by which scheme most efficiently protects your
restricted content and applications, or which scheme is easiest to maintain.

Controlling access with IP addresses is a preferred

method of host-based access control. It does not require DNS lookups that consume
time, system resources, and make your server vulnerable to DNS spoofing attacks.

<Directory /secure_only/>

  order deny,allow

  deny from all

  allow from 207.175.42.*

</Directory>

In

, requests originating from all IP addresses except 207.175.42.* range

are denied access to the /secure_only/ directory.