We need to create a CDN with a series of icons, and we would like to limit access (via htaccess or something?). So deny it to all but only allow it to some domains. How can we do this?
We tried to use this syntax:
# Order Allow, Deny
Deny from All
Allow from 1.2.3.4
and this syntax, but it doesn't work very well:
SetEnvIf Origin "^https?://[^/]*(firstdomain|seconddomain)" ORIGIN=$0
Header always set Access-Control-Allow-Origin %{ORIGIN}e env=ORIGIN
P.S.: Sorry, and please be lenient with my English.
I have a situation where some IPs must be blocked, and the best way to do this, to my mind, is htaccess, because I have many entry points. It is easy and works fine...
I do:
<Files *>
Order allow,deny
deny from aaa.aaa.aaa.aaa/aa
deny from bbb.bbb.bbb.bbb/bb
Allow from all
</Files>
BUT! There is one more thing. I have a few devices which should be allowed access even if they go through a denied IP.
I can't install any modules for Apache, so I need some simple way to solve it.
Can someone give me some ways or some tricks for it?
You need some way of identifying those devices, then you can add an environment variable to set up an exception and use access control by environment variable. For example, if you can do it by user-agent:
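SetEnvIf User-Agent SpecialUA UAException=1
<Files *>
# Deny is evaluated first, then Allow; a request matching both is allowed
Order deny,allow
Deny from aaa.aaa.aaa.aaa/aa
Deny from bbb.bbb.bbb.bbb/bb
# Exception: requests for which SetEnvIf set UAException
Allow from env=UAException
</Files>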
See also SetEnvIf. I am linking to Apache 2.2 docs since you are using the old syntax which has been updated in 2.4.
I need to block access to a particular route in my web application using a .htaccess file for everyone except a list of IPs. When I say block and whitelist IPs, I want to use the following on a particular route:
order deny,allow
deny from all
allow from 1.1.1.1
allow from 2.2.2.2
I tried using the Location directive, but it is not allowed in .htaccess.
I do not have access to the server config file since it is a managed hosting provider.
The route I want to block is for eg: http://www.example.com/route1
Is there a way?
Thanks for the help in advance
You can definitely achieve this using multiple methods.
.htaccess files:
<files route1>
order deny,allow
deny from all
allow from my.ip.address
</files>
If you are looking at whitelisting multiple IPs, I would suggest the following method:
<Files myfile.php>
order deny,allow
deny from all
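# allowip is set below from the X-Forwarded-For request header, not from the connection's source address
allow from env=allowip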
#Office 1
#132.11.32.222
SetEnvIf X-FORWARDED-FOR "^132\.11\.32\.222" allowip
#Office 2
#142.11.32.222
SetEnvIf X-FORWARDED-FOR "^142\.11\.32\.222" allowip
</Files>
A short explanation of what I'm doing is: I need to automatically create virtualhosts for each ip address on my machine, make it point to the vsftpd user directory (/home/xxx) and deny any kind of scripts from being executed.
I want to stop any kind of webpages and especially PHP scripts from being executed, because it would pose a huge security risk (apache is sudo). The purpose of this virtualhost is purely to serve game resource files, extensions like .wav, .mdl, .tga, .spr and so on.
I searched around and found this
deny from all
<filesmatch "\.(avi|wmv|mpg|mov)$">
Allow from all
</filesmatch>
But this is .htaccess content. How can I implement this functionality of only allowing certain extensions inside my httpd.conf file? It would be a pain to make it use .htaccess, and a risk because users might edit them.
Please refrain from any comments unrelated to my question, such as "sudo apache? you're a dumbass" and so on.
There is no such thing as .htaccess only content. This is a huge misconception. Most of the time you do NOT want to use .htaccess and Apache recommends that you not use it unless necessary. Apache rules can always be put in the server config.
When not to use .htaccess
Now you can put that in your VirtualHost directive. The same location where your document root is defined.
The FilesMatch directive can be used in these contexts.
Context: server config, virtual host, directory, .htaccess
http://httpd.apache.org/docs/current/mod/core.html#filesmatch
So in your vhost file you can add a Directory directive like this example.
<Directory /path/to/documentroot/>
Deny from all
<FilesMatch "\.(avi|wmv|mpg|mov)$">
Allow from all
</FilesMatch>
</Directory>
If you are using Apache 2.4 then you need to use Require.
<Directory /path/to/documentroot/>
Require all denied
<FilesMatch "\.(avi|wmv|mpg|mov)$">
Require all granted
</FilesMatch>
</Directory>
Hi, I'm trying to get some basic rules in htaccess working but not having much luck.
At the top of my file I want to block certain IPs and certain user agents, so I have:
## block specific IPs
Order Deny,Allow
Deny from 62.210.122.209
Deny from 109.184.114.247
## stop requests with user agent that includes these texts
BrowserMatchNoCase "xyz" bad_bot
Deny from env=bad_bot
This works fine on its own; however, I also need to stop all PHP scripts being accessed except for index.php and index2.php:
## stop all php files from being accessed
<Files *.php>
deny from all
</Files>
## except for index and index2
<Files ~ "^index(2)?\.php$">
allow from all
</Files>
but once I add this I get partial access to the site even with my user agent containing xyz
/index.php is blocked
but
/administrator/index.php is still open to me
Found the answer: simply use the environment variable set up in the first part to deny access under the Files directive for index.php in the second.
I need to deny all IPs except mine.
I got my outward facing IP from whatismyip.com. Let's assume it is 200.200.200.200
Here is the beginning of my .htaccess
ErrorDocument 403 /down.html
<Limit GET POST>
order deny,allow
deny from all
allow from 200.200.200.200
</Limit>
This works with the denying part - it shows my down.html page. However it denies me even when I place my correct IP in the .htaccess. Am I doing something wrong?
Also the down.html page contains an image - but seeing as all requests are being denied, I had to host it on a different domain to get it to display. My .htaccess skills are a little rusty, but how would I go about allowing that one image request through using .htaccess on this domain?
<Limit GET POST>
order allow,deny
allow from 200.200.200.200
deny from all
</Limit>
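The Order, Allow and Deny blocks in the posts above (the device exception and the single-IP whitelist) depend on how Apache 2.2 combines the two lists. The following is an added example, not code from any of the posts: a simplified Python model of that evaluation, run against constructed requests. It handles only IP/CIDR, `all` and `env=` arguments (hostnames and partial IPs are not modelled); the function names and the 198.51.100.0/24 and 203.0.113.0/24 ranges are assumptions standing in for the blocked networks.

```python
import ipaddress

def matches(spec, ip, env):
    """True if one Allow/Deny argument matches the request (simplified)."""
    if spec.lower() == "all":
        return True
    if spec.startswith("env="):
        return spec[4:] in env            # variable set, e.g. by SetEnvIf
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def granted(order, allow, deny, ip, env=()):
    """Apply Apache 2.2 Order semantics to one request; True means access granted."""
    allowed = any(matches(s, ip, env) for s in allow)
    denied = any(matches(s, ip, env) for s in deny)
    if order.lower() == "allow,deny":
        # Allow first, Deny last: any Deny match rejects; default is deny.
        return allowed and not denied
    if order.lower() == "deny,allow":
        # Deny first, Allow last: an Allow match overrides; default is allow.
        return allowed or not denied
    raise ValueError("unsupported Order: " + order)

# Constructed sample data: documentation ranges stand in for the blocked networks.
BLOCKED = ["198.51.100.0/24", "203.0.113.0/24"]
DEVICE = ("198.51.100.7", {"UAException"})   # exception device behind a blocked IP

def exception_device_results():
    ip, env = DEVICE
    return {
        "allow,deny": granted("allow,deny", ["env=UAException", "all"], BLOCKED, ip, env),
        "deny,allow": granted("deny,allow", ["env=UAException"], BLOCKED, ip, env),
        "deny,allow without variable": granted("deny,allow", ["env=UAException"], BLOCKED, ip),
    }

def single_ip_results():
    me = "200.200.200.200"
    return {
        "deny,allow": granted("deny,allow", [me], ["all"], me),
        "allow,deny": granted("allow,deny", [me], ["all"], me),
        "deny,allow other client": granted("deny,allow", [me], ["all"], "192.0.2.10"),
    }

if __name__ == "__main__":
    print(exception_device_results())
    print(single_ip_results())
```

Under `allow,deny` a matching Deny always rejects, so an exception or a single whitelisted address only gets through when the order is `deny,allow`.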