
Re: hosts.allow - words of wisdom?



On Thu, Jan 07, 1999 at 04:56:32PM -0600, Alexander Kushnirenko wrote:
> Hi,
> 
> Thanks for the comments, but would wrapping Apache do any good? AFAIK 
> wrapping works only when the daemon starts and Apache is sort of always on?

I would not suggest running a web server from inetd. If the web server
persists after the first connection, that is fine, but you are correct in
that this behavior excludes using tcpd. It does not exclude having libwrap
built in to the daemon, and I'm not sure if Apache is built with this
support.

The libwrap code starts when there is a connection to the port and the
program hands off the info to libwrap. It _then_ opens the
/etc/hosts.{allow,deny} files in order to check the validity of the
connection.

/usr/sbin/tcpd, however, is passed the actual connection and it checks the
validity. If it's OK, then it passes the connection off to the daemon.

-- 
-----    -- - -------- --------- ----  -------  -----  - - ---   --------
Ben Collins <b.m.collins@larc.nasa.gov>                  Debian GNU/Linux
UnixGroup Admin - Jordan Systems Inc.                 bcollins@debian.org
------ -- ----- - - -------   ------- -- The Choice of the GNU Generation
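
The per-connection lookup described in the message above, as an added example that is not part of the original post and is not libwrap's code: a simplified Python model of the hosts.allow/hosts.deny check that opens the files on every call, so a long-running daemon sees edits without a restart. The daemon name `exampled`, the temporary directory standing in for /etc, and the addresses are constructed; only a subset of the hosts_access(5) pattern syntax is handled.

```python
import os
import tempfile

def matches(pattern, value):
    """Subset of hosts_access(5): ALL, exact, '1.2.' address prefix, '.dom' suffix."""
    if pattern == "ALL" or pattern == value:
        return True
    if pattern.endswith("."):
        return value.startswith(pattern)
    if pattern.startswith("."):
        return value.endswith(pattern)
    return False

def file_matches(path, daemon, client):
    """Open and scan the rules file now, i.e. at connection time."""
    try:
        with open(path) as fh:
            lines = fh.read().splitlines()
    except FileNotFoundError:
        return False  # a missing file is treated as empty
    for line in lines:
        if line.lstrip().startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]  # any option fields are ignored
        if any(matches(d, daemon) for d in daemons.replace(",", " ").split()) and \
           any(matches(c, client) for c in clients.replace(",", " ").split()):
            return True
    return False

def check_connection(daemon, client, etc_dir):
    """hosts.allow is consulted first, then hosts.deny; no match means allow."""
    if file_matches(os.path.join(etc_dir, "hosts.allow"), daemon, client):
        return True
    if file_matches(os.path.join(etc_dir, "hosts.deny"), daemon, client):
        return False
    return True

def demo():
    """One persistent 'daemon'; the rules are edited between two connections."""
    with tempfile.TemporaryDirectory() as etc:  # constructed stand-in for /etc
        with open(os.path.join(etc, "hosts.allow"), "w") as fh:
            fh.write("exampled: 192.0.2.\n")
        with open(os.path.join(etc, "hosts.deny"), "w") as fh:
            fh.write("ALL: ALL\n")
        first = check_connection("exampled", "192.0.2.10", etc)
        with open(os.path.join(etc, "hosts.allow"), "w") as fh:
            fh.write("exampled: 198.51.100.\n")  # admin edit, no daemon restart
        second = check_connection("exampled", "192.0.2.10", etc)
        return first, second
```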

