summaryrefslogtreecommitdiff
path: root/network/mod_hosts_access
diff options
context:
space:
mode:
Diffstat (limited to 'network/mod_hosts_access')
-rw-r--r--network/mod_hosts_access/README39
-rw-r--r--network/mod_hosts_access/mod_hosts_access.SlackBuild62
-rw-r--r--network/mod_hosts_access/mod_hosts_access.info8
-rw-r--r--network/mod_hosts_access/slack-desc19
4 files changed, 128 insertions, 0 deletions
diff --git a/network/mod_hosts_access/README b/network/mod_hosts_access/README
new file mode 100644
index 0000000000..2486db84ec
--- /dev/null
+++ b/network/mod_hosts_access/README
@@ -0,0 +1,39 @@
+mod_hosts_access
+
+This is a DSO (dynamically shared object) module for the Apache webserver
+that uses libwrap (TCP Wrapper) to check if the connecting hosts is allowed.
+
+This system works well with dynamic blocking scripts, such as DenyHosts, and
+configfile distribution systems, such as Cfengine. Especially if other blocking
+methods differ between hosts at a site (e.g. kernel-level firewalling means).
+
+At an appropriate place (i.e. where other modules are loaded similarly),
+add to /etc/httpd/httpd.conf following line:
+
+LoadModule hosts_access_module lib/httpd/modules/mod_hosts_access.so
+
+The /etc/hosts.{allow,deny} access control checking for the "httpd" service
+can now be enabled or disabled on a per directory basis, by adding HostsAccess
+directive to its declaration, e.g. again in /etc/httpd/httpd.conf:
+
+# First, we configure the "default" to be a very restrictive set of
+# permissions.
+#
+#<Directory />
+# HostsAccess On
+# Options FollowSymLinks
+# AllowOverride None
+#</Directory>
+
+To test, restart apache for it to load the module; edit /etc/hosts.allow
+adding a line like the following:
+
+httpd: localhost: deny
+
+Access from 'localhost' (127.0.0.1) should now be disallowed, thus requesting
+the index page should fail, to verify try:
+
+ lynx -dump localhost
+
+The same can be done in a .htaccess file if AllowOverride Limit has been set.
+
diff --git a/network/mod_hosts_access/mod_hosts_access.SlackBuild b/network/mod_hosts_access/mod_hosts_access.SlackBuild
new file mode 100644
index 0000000000..905266cf97
--- /dev/null
+++ b/network/mod_hosts_access/mod_hosts_access.SlackBuild
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+# Slackware build script for mod_hosts_access (libwrap support in Apache)
+
+# Written by Menno E. Duursma
+
+# This program is free software. It comes without any warranty.
+# Granted WFTPL, Version 2, as published by Sam Hocevar. See
+# http://sam.zoy.org/wtfpl/COPYING for more details.
+
+PRGNAM=mod_hosts_access
+VERSION=1.1.0
+ARCH=${ARCH:-i486}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+CWD=`pwd`
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+fi
+
+set -e # exit on most errors
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+tar -xzvf $CWD/$PRGNAM-$VERSION.tar.gz || exit 1
+cd $PRGNAM-$VERSION
+chown -R root:root .
+chmod -R a-s,u+w,go+r-w .
+
+# Create target dir
+mkdir -p $PKG/usr/lib/httpd/modules
+
+# Compile module as DSO (dynmically shared object)
+CFLAGS="$SLACKFLAGS" \
+apxs -ca mod_hosts_access.c -lwrap -lnsl
+
+# copy into place
+cp .libs/mod_hosts_access.so $PKG/usr/lib/httpd/modules
+
+( cd $PKG || exit 1
+ find . -type f | xargs file | grep -e "executable" -e "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
+)
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a [A-Z]* $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz
diff --git a/network/mod_hosts_access/mod_hosts_access.info b/network/mod_hosts_access/mod_hosts_access.info
new file mode 100644
index 0000000000..5aba10416a
--- /dev/null
+++ b/network/mod_hosts_access/mod_hosts_access.info
@@ -0,0 +1,8 @@
+PRGNAM="mod_hosts_access"
+VERSION="1.1.0"
+HOMEPAGE="http://www.klomp.org/mod_hosts_access/"
+DOWNLOAD="http://dl.sourceforge.net/sourceforge/httpd-garage/mod_hosts_access-1.1.0.tar.gz"
+MD5SUM="2e4fd22e778c8d98d433344a46421eb7"
+MAINTAINER="Menno E. Duursma"
+EMAIL="druiloor@zonnet.nl"
+APPROVED="robw810,Erik Hanson"
diff --git a/network/mod_hosts_access/slack-desc b/network/mod_hosts_access/slack-desc
new file mode 100644
index 0000000000..16ec11ff64
--- /dev/null
+++ b/network/mod_hosts_access/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+mod_hosts_access: mod_hosts_access (Apache hosts ACL module)
+mod_hosts_access:
+mod_hosts_access: Httpd support for Wietse Venema's TCP Wrapper (libwrap)
+mod_hosts_access: hosts based access control system
+mod_hosts_access:
+mod_hosts_access: mod_hosts_access is developed by
+mod_hosts_access: Vincent Partington, Ken Coar
+mod_hosts_access:
+mod_hosts_access: Please see the README for instructions no how to enable it.
+mod_hosts_access:
+mod_hosts_access: