File: README.Debian

libapache-mod-removeip 1.0b-5.3
  • area: main
  • in suites: bullseye, sid
  • size: 152 kB
  • sloc: ansic: 126; makefile: 72
## To activate mod_removeip, do:

 -- Apache 1.33

cp /usr/share/doc/libapache-mod-removeip/examples/mod_removeip.conf /etc/apache{-VERSION}/conf.d/

and restart apache

 -- Apache2

a2enmod removeip && /etc/init.d/apache2 force-reload


## Some details about mod_removeip and web apps/access restrictions:

Most of all, enabling mod_removeip means that any access restriction
based on IP addresses, or any other security measure that relies on the
diversity (and possibly non-predictability) of IP addresses, implemented
at the web application layer will no longer provide any security. This
may make it easier to circumvent applications' security measures (which
may include additional authentication tokens besides IP addresses, such
as session IDs or login credentials).

It should also be noted that applications which base some or all of
their functionality on an expected diversity of IP addresses, such as an
access log analyzer which provides statistics per IP address, will lose
some or all of their functionality.
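
The effect described in the two paragraphs above, as an added example that is not part of the original README or of mod_removeip: a session check bound to the client address and a per-address hit counter, replayed over constructed requests with and without the address removed. The placeholder address and all names below are assumptions for illustration.

```python
from collections import Counter

# Assumption: with mod_removeip active, every request reaches the
# application with the same placeholder address. The value is illustrative.
PLACEHOLDER_ADDR = "127.0.0.1"

# Constructed sample requests: (real client address, session id).
REQUESTS = [
    ("198.51.100.7", "sess-alice"),  # session is created and bound here
    ("198.51.100.7", "sess-alice"),  # same client, same session
    ("203.0.113.42", "sess-alice"),  # same session id from another address
    ("192.0.2.15", "sess-bob"),
]


def seen_addr(real_addr, removeip):
    """Address the web application sees for a request."""
    return PLACEHOLDER_ADDR if removeip else real_addr


def run(removeip):
    """Replay REQUESTS through an IP-bound session check and a per-IP counter.

    Returns (list of accept/reject decisions, per-address hit counts).
    """
    bound = {}        # session id -> address recorded at first use
    hits = Counter()  # what a per-IP log analyzer would report
    decisions = []
    for real_addr, sid in REQUESTS:
        addr = seen_addr(real_addr, removeip)
        hits[addr] += 1
        # Application-layer control: accept a session id only from the
        # address it was first bound to.
        decisions.append(bound.setdefault(sid, addr) == addr)
    return decisions, dict(hits)


if __name__ == "__main__":
    for removeip in (False, True):
        decisions, hits = run(removeip)
        print("address removed:", removeip)
        print("  session check results:", decisions)
        print("  per-address hits:", hits)
```

With the address removed, the third request passes the binding check and the counter reports a single address, so the session ID is the only remaining protection and per-IP statistics carry no information.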

Fortunately, libapache2-mod-removeip does _not_ cause Apache to grant
everyone access to areas restricted by "Allow/Deny from" directives.
As such, it does not, for example, change who is able to
access http://some.host/server-status .