Linux Blog

htaccess allow from

Filed under: General Linux — TheLinuxBlog.com at 10:32 am on Tuesday, September 9, 2008

htaccess allow from gives you the ability to allow (or deny) specific IP’s or domain names from a directory on your server. To do this the syntax is quite simple. Using VIM or nano open up the .htaccess file in the directory that you want to restrict access to. You need to add the following:

Order Deny,Allow
Deny from all
Allow from 127.0.0.1

This allows access from your local host and the IP address you specify. Using .htaccess you can also allow by host name. This is useful if you wish to allow or deny a friend access to a directory. (note: it will also work if you have them in your hosts file)

Order Deny,Allow
Deny from all
Allow from LinuxBlog
Allow from .thelinuxblog.com

Using htaccess to allow from your LAN is also pretty easy. You use your CIDR address (ip/subnet) to do this try something like this (changing to match your LAN):

Order Deny,Allow
Deny from all
Allow from 192.168.1.1/24

I run into htaccess allow problems a lot, and hope that this will clear the air up for me. htaccess can be very handy if you do not want to keep turning your firewall on and off, but do not want your directories wide open. Just remember, if you want to stop everyone except those you choose to access your apache web directories, use htaccess allow from!

Finding a PC on your network

Filed under: General Linux,Linux Software — TheLinuxBlog.com at 4:31 am on Tuesday, September 4, 2007

When I’m at a remote location I sometimes need to gain access to a computer that is not accessible from the internet but is on the same network as another machine that is. I have remote SSH access into the box that is on the same network but I often don’t know the IP address for the computer that I am trying to gain access to since they are assigned via DHCP.
I have a simple solution that will locate the computer I wish to use once logged into the gateway in no time. The program needed is from our friends at insecure.org and is called nmap. It is a pretty standard tool so it should be included with your distribution. However if you do not own the Linux machine then it may not be installed or you may not have the ability to install it or have sufficient privileges to run it.
Basically what nmap does is scan the network.
The command I use to scan a whole subnet for my host is:

nmap -sP 192.168.x.x/24

The type of scan I use is a ping scan, I only determine if the host is online. If I know the DHCP pool starts from 1.1 and ends at 1.100 then I would use:

nmap -sP 192.168.1.1-100

This will yield faster scanning results since it only has to ping 100 hosts not the whole subnet.
Sometimes if the environment is a busy one (one with lots of hosts) a lot of online IP’s will be returned and its hard to identify which one your trying to connect to. I remedy this by just scanning the host range I need that only have port 22 open.

nmap 192.168.3.1-100 -sT -p22

The -sT option doesn’t require the user to be root but if you have root the -sS option is better as it gives detailed information such as the mac address which can come in handy if you happen to know what brand of network card is in the computer you are trying to log into.

This will work to find a computer on a network with Linux but it still requires you to know a little information about the PC your trying to find. If you need a better way of finding your PC’s I would recommend using static IP’s and DNS. Give it a shot if your on location somewhere and need access to your computer.