Installing and using mod_hosts_access ------------------------------------- Installing and using mod_hosts_access compromises three steps: 1. Linking the mod_hosts_access module with Apache. 2. Configuring the mod_hosts_access module. The following requirements exists for installing and using mod_hosts_access: * Apache 1.3.0 or higher (I think). * The tcp_wrappers library libwrap.a (which is in /usr/lib on my system). * A C compiler. If you run into problems, check the Known Problems section at the end. Linking the mod_hosts_access module with Apache =============================================== Depending upon the way your Apache is configured, choose one of the following methods: 1. Build a DSO module, if you built Apache with DSO support (recommended). 2. Build a static module by calling the configure script, if you used APACI to configure Apache. 3. Build a static module by editing the Configuration file, if you used the old-style way to configure Apache. Bulding a DSO module -------------------- 1. Change the current directory to the directory that contains mod_hosts_access.c 2. Execute the following command: > apxs -i -a -c mod_hosts_access.c -lwrap The module will be compiled, installed in the libexec directory of your configuration and the httpd.conf file will be updated. The apxs command can be found in the directory that also contains apachectl, typically PREFIX/sbin. Building a static module by calling the configure script -------------------------------------------------------- 1. Change the current directory to the directory containing your apache source distribution. 2. Before calling the configure script set the LIBS environment variable to -lwrap. If you using bash, sh or ksh this can be done with: > LIBS=-lwrap; export LIBS If you are using csh or tcsh, you can issue this command: > setenv LIBS -lwrap 3. Call the configure script as you normally would and add the switch --add-module=/mod_hosts_access.c 4. Make sure the build environment is clean by issuing the following command: > make clean 5. Build the new httpd binary with: > make 6. Install the new httpd binary with: > make install Building a static module by editing the Configuration file ---------------------------------------------------------- 1. Change the current directory to the src subdirectory of your apache source distribution. 2. Copy mod_hosts_access.c to the subdirectory modules/extra. 3. Add "-lwrap" to the EXTRA_LIBS line: EXTRA_LIBS=-lwrap 4. Add the following line to the file Configuration: AddModule modules/extra/mod_hosts_access.o 5. Build new Makefiles etc. by issuing the following command: > ./Configure 6. Make sure the build environment is clean by issuing the following command: > make clean 7. Build the new httpd binary with: > make 8. Install the new httpd binary with: > make install Configuring mod_hosts_access ============================ 1. By default mod_hosts_access does no access checking. Enable hosts_access checking by adding the line HostsAccess On to your configuration. This line can be placed anywhere the deny and allow directives may be used, e.g. in the block or in a .htaccess file if AllowOverride Limit has been set. 2. hosts_access checking can be disabled by adding the line HostsAccess Off to your configuration. 3. For details on the syntax of the files /etc/hosts.allow and /etc/hosts.deny check the manpage hosts_access(5). The name of the daemon for the files is "httpd", however this can be configured by changing the following line in mod_hosts_access.c: #define RQ_DAEMON_NAME "httpd" 4. If you are using ident information in your hosts_access rules, you may consider adding "IdentityCheck On" to your httpd.conf. This will speed up access checking. 5. The deny and allow directives can be used at the same time as the HostsAcces directive; any request will have to pass both access checks to be allowed in. 6. Stop Apache and start it again (restarting after rebuilding a DSO module sometimes causes Apache to hang or crash).