Installation

"require ip" in Apache configuration

"require ip" in Apache configuration

by Sean Fitzpatrick -
Number of replies: 2

One of the first steps for configuring Apache2 in the installation manual is to uncomment the line 'Require ip 192.0.2.0/24' and replace the ip address by the host domain, in both info.conf and status.conf.

This has always resulted in an error for me. Is it a DNS issue? (E.g. should this step be left until the end, once we have a URL approved by IT, with security certs installed, etc.)

I'm doing a fresh install, because our production server is getting long in the tooth, and there's a lot of clutter. (And, I confess, this might be easier for me than figuring out how to migrate from MySQL to MariaDB.)

Right now we have a VM running with URL webwork-update.cs.uleth.ca but this URL isn't visible outside our firewall, and will change before we release the server to the wild. I tried using 'Require ip .cs.uleth.ca' but restarting Apache2 fails, with error message "ip address '.cs.uleth.ca' appears to be invalid".

It works if I use the numerical ip address instead. Is there something I'm missing in this step?

In reply to Sean Fitzpatrick

Re: "require ip" in Apache configuration

by Danny Glin -

Looking at the apache documentation it looks like if you want to use hostnames the proper syntax is

require host .cs.uleth.ca

Note that those two items won't affect WeBWorK itself.  They control who can visit the yourschool.edu/server-info and yourschool.edu/server-status pages.  Because these pages give a lot of information about exactly what versions of software you are running, it is recommended to not make them available publicly, hence the restriction to only trusted hosts.  In fact, if you have never visited these pages, then there is no reason to enable them in the first place.

In reply to Danny Glin

Re: "require ip" in Apache configuration

by Sean Fitzpatrick -
Aha! Thanks -- that would explain why I'm unable to view those pages, since I don't have that set up correctly.

(This is probably another line in the installation manual that needs to be updated.)

I thought perhaps this had something to do with the fully qualified domain name. But that requires some setup work with DNS. (right now hostname --fqdn only returns the hostname, not including the domain name. But it seems there is no point trying to set this until I'm ready to deploy)