|
OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below. |
|
Thread Tools | Display Modes |
|
|||
Can I use httpd to only allow IP addresses?
I am wondering if there is a way with httpd.conf to allow only the listed IP addresses? I can see there is a from option in relayd.conf:
Quote:
|
|
|||
At this point, I feel relayd is a more new-user-friendly option.
Can relayd and httpd work side-by-side? Or would I need to configure other sites served by httpd to use relayd? |
|
|||
Well, mostly I'm new to OpenBSD as I've been using nginx on Ubuntu for the past 8 years. I don't normally use the reverse proxy features, but I'm familiar with its configuration in nginx. However, I've generally shied away from directly managing firewall rulesets (e.g., in Ubuntu I just run UFW).
|
|
|||
Quote:
I recommend "The Book of PF" by Peter N M Hansteen as an easy-to-read (and fairly in-depth) tutorial. |
|
|||
Thanks, guys.
I also found iptables very difficult and on more than one occasion broke a server, so I basically gave up on managing firewalls at the rule level. I'm wanting to convert everything over to OpenBSD. I like it better, it's just new and I'm not the best at figuring out where to start, but I do try to read the man pages carefully, including the "see also" section at the end of each one. I'll give that pf rule a try and pick up that book. |
|
||||
Just to note that the example above is a "default block" ruleset. Only packets from your table of pre-approved CIDRs or individual addresses are allowed to reach processes. If your webserver needs other network services, including DNS, they would need to be passed also.
The ruleset can be converted to a "default pass" if preferred. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Microsoft spends $7.5m on IP addresses | J65nko | News | 2 | 24th March 2011 10:49 PM |
PHP 5.2.13 addresses security holes | J65nko | News | 2 | 26th February 2010 10:22 PM |
How to find available IP addresses? | bigb89 | Programming | 16 | 20th August 2008 07:32 PM |
Managing IP Addresses | bigb89 | FreeBSD General | 8 | 28th May 2008 12:09 AM |
abbreviating email addresses? | ocicat | Feedback and Suggestions | 9 | 22nd May 2008 12:21 AM |