Name | HostsAllowSyslogLevel | | |
Syntax | HostsAllowSyslogLevel facility-level |
Kontext | Server config <VirtualHost> <Anonymous> |
Modul | mod_wrap |
Ab Version | 1.2.0 |
Beschreibung | Proftpd can log when a connection is allowed as the result of a rule in the file specified in UseHostsAllowFile to the Unix syslog mechanism. A discussion on the facility levels which can be used is given in the SyslogFacility directive.
See Also: HostsDenySyslogLevel |
Beispiel 1 | HostsAllowSyslogLevel local3 |
06.00.2003 20:02 |
|
|
Zum Seitenanfang
Name | HostsDenySyslogLevel | | |
Syntax | HostsDenySyslogLevel facility-level |
Kontext | Server config <VirtualHost> <Anonymous> |
Modul | mod_wrap |
Ab Version | 1.2.0 |
Beschreibung | Proftpd can log when a connection is rejected as the result of a rule in the file specified in UseHostsAllowFile to the Unix syslog mechanism. A discussion on the facility levels which can be used is given in the SyslogFacility directive |
06.00.2003 20:02 |
|
|
Zum Seitenanfang
Name | TCPAccessFiles | | |
Syntax | TCPAccessFiles allow-filename deny-filename |
Kontext | Server config <Global> <VirtualHost> <Anonymous> |
Modul | mod_wrap |
Ab Version | 1.2.1 |
Beschreibung | TCPAccessFiles specifies two files, an allow and a deny file, each of which contain the IP addresses, networks or name-based masks to be allowed or denied connections to the server. The files have the same format as the standard tcpwrappers hosts.allow/deny files.
Both file names are required. Also, the paths to both files must be the full path, with two exceptions: if the path starts with ~/, the check of that path will be delayed until a user requests a connection, at which time the path will be resolved to that user's home directory; or if the path starts with ~user/, where user is some system user. In this latter case, mod_wrap will attempt to resolve and verify the given user's home directory on start-up.
The service name for which mod_wrap will look in the indicated access files is proftpd by default; this can be configured via the TCPServiceName directive. There is a built-in precedence to the TCPAccessFiles, TCPGroupAccessFiles, and TCPUserAccessFiles directives, if all are used. mod_wrap will look for applicable TCPUserAccessFiles for the connecting user first. If no applicable TCPUserAccessFiles is found, mod_wrap will search for TCPGroupAccessFiles which pertain to the connecting user. If not found, mod_wrap will then look for the server-wide TCPAccessFiles directive. This allows for access control to be set on a per-server basis, and allow for per-user or per-group access control to be handled without interfering with the server access rules. |
06.00.2003 20:02 |
|
|
Zum Seitenanfang
Name | TCPAccessSyslogLevels | | |
Syntax | TCPAccessSyslogLevels <match>; <remote-server> |
Kontext | Server config <Global> <VirtualHost> <Anonymous> |
Modul | mod_wrap |
Standard | TCPAccessSyslogLevels info warn |
Ab Version | 1.2.1 |
Beschreibung | ProFTPD can log when a connection is allowed, or denied, as the result of rules in the files specified in TCPAccessFiles, to the Unix syslog mechanism. A discussion on the syslog levels which can be used is given in the SyslogLevel directive |
06.00.2003 20:02 |
|
|
Zum Seitenanfang
Name | TCPServiceName | | |
Syntax | TCPServiceName [ name] |
Kontext | Server config <Global> <VirtualHost> |
Modul | mod_wrap |
Standard | proftpd |
Ab Version | 1.2.1 and later |
Beschreibung | TCPServiceName is used to configure the name of the service under which mod_wrap will check the allow/deny files. By default, this is the name of the program started, i.e. "proftpd". However, some administrators may want to use a different, more generic service name, such as "ftpd"; use this directive for such needs. |
Beispiel 1 | |
Beispiel 2 | |
06.00.2003 21:02 |
|
|
Zum Seitenanfang
Name | UseHostsAllowFile | | |
Syntax | UseHostsAllowFile filename |
Kontext | Server config <VirtualHost> <Directory> |
Modul | mod_wrap |
Standard | /etc/hosts.allow |
Ab Version | 1.2.0 |
Beschreibung | Das "UseHostsAllowFile" gibt IP's, Netzwerke oder Domains an, denen der Zugriff zum erlaubt ist. Das Format ist das gleiche wie in den "hosts.allow" und "hosts.deny" Dateien. |
Beispiel 1 | UseHostsAllowFile /etc/ftpd.allow |
06.00.2003 20:02 |
|
|
Zum Seitenanfang
Name | UseHostsDenyFile | | |
Syntax | UseHostsDenyFile filename |
Kontext | Server config <VirtualHost> <Anonymous> |
Modul | mod_wrap |
Standard | /etc/hosts.deny |
Ab Version | 1.2.0 |
Beschreibung | Gibt das hosts.deny File für den IP basierten Sicherheitscheck an. Siehe auch UseHostsAllowFile. |
Beispiel 1 | UseHostsDenyFile /etc/ftpd.deny |
06.00.2003 20:02 |
|
|
Zum Seitenanfang
Name | WrapUserTables | | |
Syntax | WrapUserTables user-OR-expression source-type:allow-source-info source-info:deny-source-info |
Kontext | Server config <Global> <VirtualHost> <Anonymous> |
Modul | mod_wrap |
Standard | |
Ab Version | 1.2.8rc1 and later |
Beschreibung | The WrapUserTables directive configures the information necessary for mod_wrap to locate and use the tables containing the access rules for specific users.
The user-OR-expression parameter is a logical OR expression, which means that the connecting user can be any the users listed for this directive to apply. User names may be negated with a ! prefix.
The next two parameters specify two tables, an allow and a deny table, each of which contain the IP addresses, networks or host/network masks to be allowed or denied.
Please consult the relevant submodule documentation for details on that module's syntax for specifying tables. The service name for which mod_wrap will look in the indicated access tables is "proftpd" by default; this can be configured via the WrapGroupTables, WrapServiceName, WrapTables |
Beispiel 1 | |
Beispiel 2 | |
01.-1.2003 29:00 |
|
|
Zum Seitenanfang
|