Apache restrict access based on IP address to selected directories


The Apache web server can allow or deny access based on various conditions. For example, you may want to restrict access to the URL http://payroll.nixcraft.in/ (mapped to the /var/www/sub/payroll directory) to the 192.168.1.0/24 network (within the intranet).

Apache provides access control based on client hostname, IP address, or other characteristics of the client request using the mod_access module.

Open your httpd.conf file:
# vi /etc/httpd/conf/httpd.conf
Locate the directory section (for example /var/www/sub/payroll) and set it as follows:
<Directory /var/www/sub/payroll/>
Order allow,deny
Allow from 192.168.1.0/24
Allow from 127
</Directory>
Where,

  • Order allow,deny: The Order directive controls the default access state and the order in which Allow and Deny directives are evaluated. With allow,deny the Allow directives are evaluated before the Deny directives. Access is denied by default. Any client which does not match an Allow directive or does match a Deny directive will be denied access to the server.
  • Allow from 192.168.1.0/24: The Allow directive affects which hosts can access an area of the server (i.e. /var/www/sub/payroll/). Access is only allowed from network 192.168.1.0/24 and localhost (127.0.0.1).

Save the file and restart the Apache web server:
# /etc/init.d/httpd restart
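
The evaluation order described above can be modelled in a few lines. This is an added example, not code from the original page or from Apache; the function names and the client addresses are constructed for illustration, and only IPv4 CIDR, full and partial addresses are handled (no hostnames, no "all"):

```python
import ipaddress

def parse_spec(spec):
    """Convert an Allow/Deny argument (CIDR, full or partial IPv4) to a network."""
    if "/" in spec:
        return ipaddress.ip_network(spec, strict=False)
    octets = spec.rstrip(".").split(".")
    # A partial address such as "127" matches on its leading octets: 127.0.0.0/8.
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(padded) + "/" + str(8 * len(octets)))

def order_allow_deny(client, allow, deny=()):
    """Order allow,deny: must match an Allow and no Deny; otherwise denied."""
    ip = ipaddress.ip_address(client)
    allowed = any(ip in parse_spec(s) for s in allow)
    denied = any(ip in parse_spec(s) for s in deny)
    return allowed and not denied

# Allow list from the <Directory /var/www/sub/payroll/> block above.
PAYROLL_ALLOW = ["192.168.1.0/24", "127"]

if __name__ == "__main__":
    # Constructed client addresses, not taken from any real log.
    for client in ["192.168.1.50", "127.0.0.1", "127.8.9.10",
                   "192.168.2.7", "10.0.0.1"]:
        verdict = "allow" if order_allow_deny(client, PAYROLL_ALLOW) else "deny (403)"
        print(f"{client:15} {verdict}")
```

Note that "Allow from 127" admits the whole 127.0.0.0/8 loopback range, not only 127.0.0.1. Order, Allow and Deny are deprecated in Apache 2.4, where the same policy is written as "Require ip 192.168.1.0/24 127".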


Linux compliant wireless cards


Q. I am looking to upgrade my home network with wireless networking. Is there a list of wireless cards supported by Linux?

A. As you may be aware, wireless networking is a technology allowing the connection of computers without any wires and cables, mostly using radio technology.

These days Linux (aka the kernel) supports various USB/PCI wireless cards for both laptop and desktop systems. The best way to verify this is to contact the card manufacturer / vendor. A quick search on the manufacturer's web site will help you get an idea of which cards are supported under Linux.

My personal experience is that cards from Intel (Centrino), Cisco, Netgear, DLink work with Linux.

There is a short list of wireless cards along with links to driver and vendor websites. Make sure you visit an index of information and documentation of interest to those who now use or are considering using Linux on a notebook or laptop computer.

Linux is gaining popularity, so most wireless card vendors have started to include drivers on their sites. It is possible that the driver is not included in your running kernel; in that case you need to get it from the vendor's web site. When you download the driver it comes with installation instructions (look for README and INSTALL files).

Linux change the monitor or video card settings


Q. I am new to Linux. While playing with the Linux display settings I made a few changes to the monitor and video card settings and restarted the Linux computer. Now I am getting a very bad display. I am not able to get back to the GUI tools; how do I fix this mess?

A. Linux comes with the X Configuration Tool. Sometimes you play with the X display settings and after a restart it will not work, or during installation you select the wrong settings. Here is a list of tools you can use to reset your monitor and video card display settings:

If you are using FreeBSD use the following two commands:

# Xorg -configure
# XFree86 -configure

Alternatively, use sysinstall tool:

# sysinstall

If you are using Debian Linux type command:

# dpkg-reconfigure xserver-xfree86

If you are using RedHat Enterprise or Fedora Linux type command:

# redhat-config-xfree86


Sorry too many clients when trying to connect to PostgreSQL database server – solution


Q. I am running PostgreSQL server for my web application and I am getting an error “Sorry too many clients when trying to connect to PostgreSQL”. How do I troubleshoot this database error?

A. This error indicates that you have reached the default limit set in your postgresql.conf configuration file. Under FreeBSD the default limit is 40 database sessions. You need to increase this limit.

Please note that increasing this limit costs about 500 bytes of shared memory per connection slot, in addition to costs from shared_buffers and max_locks_per_transaction.

Edit file /usr/local/pgsql/data/postgresql.conf (FreeBSD) or /var/lib/pgsql/data/postgresql.conf (Red Hat Linux) or /etc/postgresql/postgresql.conf (Debian Linux):

# vi /usr/local/pgsql/data/postgresql.conf

Locate the max_connections parameter and set a new value. For example, if you want 300 database sessions, it should read as follows:

max_connections = 300

Save the file and restart the postgresql server. If you are using FreeBSD, restart postgresql with the following command:

# /usr/local/etc/rc.d/010.pgsql.sh restart

On the other hand, if you are using Debian Linux, restart postgresql with the following command:

# /etc/init.d/postgresql restart

Configure sendmail as a smart host


A smart host is very handy if you are on a dial-up network, or when a host finds mail that it is unable to deliver directly to the desired remote host.

In a large network, it is a good idea to have a single host/mail server acting as the MTA. Smart hosts are usually used when all other methods of delivery have failed. In the case of an organization with a private network, it would be perfectly reasonable to have the hosts attempt to deliver mail directly first, and if that fails then to send it to the smart host. This relieves the smart host of a lot of traffic because other hosts can directly send mail to other hosts on the private network.

The SMART_HOST macro allows you to specify the host that should relay all outgoing mail that you are unable to deliver directly, and the mail transport protocol to use to talk to it.

Open your configuration file:

# vi /etc/mail/sendmail.mc

Append or modify the macro so that it reads as follows:

define(`SMART_HOST',`smtp.net4india.com')

Replace smtp.net4india.com with your actual SMTP server address. If the line contains the word dnl, remove the dnl word. Regenerate a new sendmail.cf config file with the m4 command:

# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

Restart the sendmail service:

# /etc/init.d/sendmail restart


Procmail suspicious rcfile message (/home/user/.procmailrc) solution


Procmail is an autonomous mail processor. Procmail should be invoked automatically via the .forward file mechanism as soon as mail arrives. It starts by looking for a file named $HOME/.procmailrc.

The rcfile can contain a mixture of environment variable assignments (some of which have special meanings to procmail), and recipes.

This is not really a big problem. It is related to file permissions. Use the chmod command (change file access permissions) to fix the problem (assuming that your user name is vivek):

$ chmod 0640 /home/vivek/.procmailrc

OR

$ chmod 0640 ~/.procmailrc

Further, make sure the .procmailrc file is owned by you and not by someone else:

$ ls -l ~/.procmailrc

If the file is not owned by you then use the chown command to set up correct ownership (if your user name is vivek):

# chown vivek:vivek ~/.procmailrc

Finally, make sure your home directory belongs to you only:

$ ls -ld ~

Use chown to set up the correct owner and group on your home directory:

# chown vivek:vivek /home/vivek
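
The three checks above (file mode, file owner, home directory owner) can be run as one audit. This is an added example, not part of the original page or of procmail; audit_rcfile is a hypothetical helper, and treating any permission bit beyond 0640 as a finding is an assumption taken from the chmod value used above, not procmail's exact rule:

```python
import os
import stat

PAGE_MODE = 0o640  # mode the fix above sets on ~/.procmailrc

def audit_rcfile(rcfile, uid):
    """Return a list of findings; an empty list means the fix is in place."""
    findings = []
    st = os.lstat(rcfile)  # lstat: do not follow a symlinked rcfile
    if not stat.S_ISREG(st.st_mode):
        findings.append(f"{rcfile}: not a regular file")
    if st.st_uid != uid:
        findings.append(f"{rcfile}: owned by uid {st.st_uid}, expected {uid}")
    mode = stat.S_IMODE(st.st_mode)
    if mode & ~PAGE_MODE:
        findings.append(f"{rcfile}: mode {mode:04o} grants more than {PAGE_MODE:04o}")

    # The directory holding the rcfile (normally the home directory).
    home = os.path.dirname(os.path.abspath(rcfile))
    hst = os.stat(home)
    if hst.st_uid != uid:
        findings.append(f"{home}: owned by uid {hst.st_uid}, expected {uid}")
    if stat.S_IMODE(hst.st_mode) & stat.S_IWOTH:
        findings.append(f"{home}: world-writable")
    return findings

if __name__ == "__main__":
    rc = os.path.expanduser("~/.procmailrc")
    if os.path.lexists(rc):
        problems = audit_rcfile(rc, os.getuid())
        print("\n".join(problems) if problems else f"{rc}: ok")
    else:
        print(f"{rc}: not present")
```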

Force sendmail to route mail to specific hosts or mailserver


mailertable allows you to route or deliver mail to different hosts. You need to use the feature called FEATURE(`mailertable') and you will have to create an external database containing the routing information for various domains.

First, to include the mailertable feature, you need to edit your sendmail.mc file and add the following line:
FEATURE(`mailertable')

Open the sendmail config file using a text editor:

# vi /etc/mail/sendmail.mc

Append/modify the line as follows:

FEATURE(`mailertable')

Regenerate the sendmail configuration file using m4:

# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

Restart the sendmail service:

# /etc/init.d/sendmail restart

Open the /etc/mail/mailertable file and add the domain names to route to different hosts. For example, all mail coming from network 192.168 is routed to mail.myisp.com and all email for nixcraft.com will be automatically forwarded to the mail server p5.mail4india.com:

# vi /etc/mail/mailertable

Append the following lines:

192.168. smtp:mail.myisp.com
nixcraft.com smtp:p5.mail4india.com

Now build the database version of the mailertable using:

# makemap hash /etc/mail/mailertable < /etc/mail/mailertable

Or just type the make command to build a new mailertable.db file:

# make
