6.11. client


client (
    allowed "127.0.0.1/255.255.255.255"
    allowed "16.94.58.4/0.0.0.0"

    denied "127.0.0.1/0.0.0.0"
    denied "16.192.68.5/255.255.0.0"
)

You can define which client IP addresses are allowed to connect to the engine and which are denied. The address checked is that of the real client connecting to the listener on the socket and trying to get access via HTTP, not the client reported by any proxy header field. You can use this configuration option to allow only the web server machine to connect to the engine via the proxy module and to disallow all connections that come from external machines. You can also use this option to prevent a client application from being accessed from external computers.

A connection is accepted by the engine if at least one allowed configuration line allows the connection and no denied configuration line denies it.

The string following the keyword allowed or denied should contain the IP number and the MASK separated by a slash. When the client IP is checked, it is first bitwise AND-ed with the MASK and then compared to the IP number. Thus

allowed "127.0.0.1/255.255.255.255"

allows only connections from the localhost and

denied "127.0.0.1/0.0.0.0"

denies access to no one (in other words, this line is a waste of CPU and text file space, but is good as an example). The line

denied "16.192.68.5/255.255.0.0"

disallows all requests that come from an IP number 16.192.*.*, which is an internal sub-network of the once-existing firm Digital Equipment Corporation.
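
The two rules above as a small Python sketch. This is an added example, not part of the engine's code or of this documentation, and it takes the matching rule literally as (client AND MASK) == IP. The function names and the entries 16.0.0.0/255.0.0.0 and 16.192.0.0/255.255.0.0 are constructed for the illustration; under this literal reading the IP part must have zero bits wherever the MASK has zero bits, which unmatchable() checks.

```python
import ipaddress


def to_int(dotted):
    """Convert a dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def parse_entry(entry):
    """Split an "IP/MASK" string into two 32-bit integers."""
    ip, mask = entry.split("/")
    return to_int(ip), to_int(mask)


def matches(client, entry):
    """Assumed literal rule: AND the client IP with MASK, compare to IP."""
    ip, mask = parse_entry(entry)
    return (to_int(client) & mask) == ip


def accepted(client, allowed, denied):
    """Accept if at least one allowed line matches and no denied line matches."""
    return (any(matches(client, e) for e in allowed)
            and not any(matches(client, e) for e in denied))


def unmatchable(entries):
    """Entries whose IP has bits set where MASK is zero: under the literal
    rule no client address can ever compare equal to them."""
    bad = []
    for entry in entries:
        ip, mask = parse_entry(entry)
        if ip & ~mask & 0xFFFFFFFF:
            bad.append(entry)
    return bad


# Constructed configuration: two entries from the text above, two made up.
ALLOWED = ["127.0.0.1/255.255.255.255", "16.0.0.0/255.0.0.0"]
DENIED = ["127.0.0.1/0.0.0.0", "16.192.0.0/255.255.0.0"]

if __name__ == "__main__":
    for client in ("127.0.0.1", "16.94.58.4", "16.192.68.5", "192.0.2.10"):
        verdict = "accepted" if accepted(client, ALLOWED, DENIED) else "refused"
        print(client, verdict)
    print("never match:", unmatchable(ALLOWED + DENIED))
```

A deny line reported by unmatchable() protects nothing under this reading, so running such a check over a configuration before deployment shows which entries are dead.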

