htaccess: I cannot allow access from a specific domain instead of IP - apache

I want to allow connections from my LAN and also in the case that the external IP matches my IP (for when I use my domain to connect internally to my HTTP server via browser).
I found this:
Require forward-dns bla.example.org
but I get a 403 Forbidden :/
My .htaccess looks like this:
Order Deny,Allow
Deny from all
Allow from 192.168.254.1/24
Require forward-dns mydomain.de
Thank you :C

Here is the answer I have worked out:
I use a script to enter the IP address in the hosts file.
Follow the instructions from:
https://www.the-art-of-web.com/system/apache-auth-ddns/
After that it works with the following command in .htaccess
Allow from yourDomain.de
It's not the best answer, but it will work.

Related

Unable to access site locally, others can

I run Apache locally, on one of my home servers. I am able to access the domain once or twice, but then it will time out. It simply won't allow me to access it from my IP (the same IP the site is hosted on). Others are able to type in the domain name and access the server as much as they want. If I use a proxy, then I am also able to access it. The only times it messes up is when I try to access it without a VPN, or by using another computer that is on the network.
TL;DR: can't access the site from my own network, other networks can access it.
Could you tell us what operating system you use? It could also be that in the rules for that directory you are allowing access to it from any IP except localhost.
Example:
<Directory /var/www/html/>
Order Deny,Allow
Deny from 127.0.0.1
Allow from All
</Directory>
Such a configuration would deny everything from localhost and allow everything from any other IP.

Apache2 virtualhost "allow from" dynamic DNS hostname?

I have a cloud-based apache2 web server, which serves multiple sites using various virtualhost conf files.
One of the websites is for my development only, and is currently configured to only allow my current IP address.
Order deny,allow
Deny from all
Allow from 1.2.4.5
However my IP changes once a week or so - so I'd prefer to use my dynamic DNS hostname. Alas this...
Allow from abc.ddns.net
... does not work. Can it be done?
It can work, but it requires your DNS to be set up perfectly. If you use allow from {hostname}, then for each relevant URI path Apache requests a reverse DNS lookup of the IP for the connection, and then, if that returns the correct host name from your allow directive, Apache rechecks that that name resolves to the IP of the original connection.
This is all a relatively expensive set of operations and is normally not recommended. Allow from {ip address} would normally be preferred.
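The lookup sequence described in this answer, next to the forward-only check behind the `Require forward-dns` directive from the first question, modelled as an added example (not code from the page or from Apache). The DNS tables are constructed sample data on documentation address ranges, and all function names are hypothetical.

```python
# Constructed DNS data using documentation address ranges.
FORWARD = {  # name -> addresses (A records)
    "abc.ddns.net": {"203.0.113.7"},
    "cpe-203-0-113-7.isp.example": {"203.0.113.7"},
    "dev.example.org": {"198.51.100.20"},
}
REVERSE = {  # address -> PTR name
    "203.0.113.7": "cpe-203-0-113-7.isp.example",  # PTR belongs to the ISP
    "198.51.100.20": "dev.example.org",
    "192.0.2.66": "dev.example.org",  # PTR set by whoever owns 192.0.2.66
}


def resolve(name):
    """Forward lookup against the constructed table."""
    return FORWARD.get(name.lower().rstrip("."), set())


def host_matches(ptr_name, allowed):
    """Exact name, or a suffix that starts on a label boundary."""
    ptr = ptr_name.lower().rstrip(".")
    allowed = allowed.lower().rstrip(".")
    return ptr == allowed or ptr.endswith("." + allowed)


def double_reverse_check(client_ip, allowed):
    """Hostname-based allow: PTR lookup, name match, forward confirmation."""
    ptr = REVERSE.get(client_ip)
    if ptr is None or not host_matches(ptr, allowed):
        return False
    # The PTR record is controlled by the owner of the address block, so the
    # claimed name must resolve back to the connecting address.
    return client_ip in resolve(ptr)


def forward_dns_check(client_ip, allowed):
    """Forward-only check: resolve the configured name, compare addresses."""
    return client_ip in resolve(allowed)


if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.20", "192.0.2.66"):
        print(ip, double_reverse_check(ip, "dev.example.org"),
              forward_dns_check(ip, "abc.ddns.net"))
```

With a dynamic DNS name, the PTR record of a home connection normally belongs to the ISP, so the hostname-based check fails at the name comparison even though the forward record is correct.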

Allow Rest API to respond only to a specific server

I have a simple REST API endpoint, which will respond to requests from outside. Now I want to secure it. I only want my endpoint to respond to requests which come from my server (host).
What would be the easiest way to do this?
Can we trust HTTP_REFERER?
Please help.
Thanks in advance
You can deny/allow IPs using .htaccess
<files api.php>
order deny,allow
deny from all
# Your server IP
allow from 0.0.0.0
# Your client IP
allow from 0.0.0.0
# Another IP of your client
allow from 0.0.0.0
</files>
Hope this helps
Can we trust HTTP_REFERER
No. Referrer is sent by the client, so it can be anything and cannot be trusted. You can however try checking REMOTE_ADDR against allowed IPs or, if you do not assign IPs per user, you can simply set up a firewall using e.g. iptables, use .htaccess with proper Allow/Deny entries, or any other software that controls the traffic before it reaches your API. This will allow you to decouple this feature from the main API.
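An added example (not from the original answers) of the REMOTE_ADDR check suggested above, written against a CGI/WSGI-style environment dictionary. It assumes the API is reached directly rather than through a reverse proxy; the allowlist uses documentation ranges, and `ALLOWED_NETWORKS`, `peer_address` and `is_allowed` are hypothetical names.

```python
import ipaddress

# Assumed allowlist for this example (documentation ranges, not real hosts).
ALLOWED_NETWORKS = [
    ipaddress.ip_network("192.0.2.10/32"),
    ipaddress.ip_network("2001:db8:1::/64"),
]


def peer_address(environ):
    """Address of the TCP peer as the server saw it, or None if unparseable."""
    try:
        addr = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return None
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr


def is_allowed(environ):
    """Decide on the connection's peer address only.

    Referer and X-Forwarded-For are request headers chosen by the client,
    so they are deliberately never consulted here.
    """
    addr = peer_address(environ)
    if addr is None:
        return False
    return any(addr.version == net.version and addr in net
               for net in ALLOWED_NETWORKS)


if __name__ == "__main__":
    # Constructed request: headers claim the allowed host, the peer is not it.
    spoofed = {
        "REMOTE_ADDR": "198.51.100.5",
        "HTTP_REFERER": "https://192.0.2.10/",
        "HTTP_X_FORWARDED_FOR": "192.0.2.10",
    }
    print(is_allowed(spoofed))                        # False
    print(is_allowed({"REMOTE_ADDR": "192.0.2.10"}))  # True
```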

Apache block an ip address from accessing the website

Someone is trying to access pages like
//mysqladmin//scripts/setup.php
Is it some hack attempt or ..?
If yes, then how can I block their IP from accessing my website?
Via htaccess or something else?
As an update to this old question for those who still land here:
Order, Allow and Deny are deprecated as of Apache 2.4, and Require should be used.
<RequireAll>
Require all granted
Require not ip 1.2.3.4
</RequireAll>
Ranges, netmasks, etc. can also be specified.
https://httpd.apache.org/docs/2.4/mod/mod_access_compat.html (Deprecated)
https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require
To block specific IP addresses you can put the following in a .htaccess file located in the directory you would like to restrict:
order allow,deny
deny from 1.2.3.4
allow from all
Where 1.2.3.4 is the IP you would like to block.
But note that IP addresses change users, and attackers also change IP addresses.
So this will not secure your application and will potentially block legal visitors.
The better solution will be to make sure your script does not accept malicious paths.
Append a base path to the path you get from the user
Make sure the path you get from the user does not contain '../'
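A containment check along the lines of the two points above, as an added example that is not part of the original answer. It goes beyond a substring test for '../' by resolving the joined path (symlinks included) and confirming the result is still under the base; `BASE_DIR` and `resolve_under_base` are hypothetical names, and the base directory is an assumed value.

```python
import os

BASE_DIR = "/var/www/app/pages"  # assumed base path for this example


def resolve_under_base(user_path, base_dir=BASE_DIR):
    """Return the absolute path for user_path inside base_dir, or None.

    The user-supplied path is always treated as relative to base_dir,
    then fully resolved before the containment test, so '..' segments
    and symlinks that lead outside the base are both rejected.
    """
    if "\x00" in user_path:
        return None  # NUL bytes are never valid in a file name
    base = os.path.realpath(base_dir)
    # Strip leading separators so an absolute path cannot replace the base.
    relative = user_path.lstrip("/\\")
    candidate = os.path.realpath(os.path.join(base, relative))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed inputs: the first two stay inside the base, the rest do not.
    for p in ("about.html", "docs/../about.html",
              "../../../etc/passwd", "..", "a\x00b"):
        print(repr(p), "->", resolve_under_base(p))
```

Note that `docs/../about.html` is accepted because it resolves to a file inside the base, while a plain substring filter would have rejected it.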

.htaccess Why access to a file is forbidden on localhost?

I want to allow access to a file (secret.txt) only from my ip.
Below is the .htaccess I'm using.
It works great at my provider's server.
However, at my localhost this .htaccess does not allow me to access the file.
<Files "secret.txt">
order deny,allow
deny from all
allow from 1.2.3.4
</Files>
Where my external ip is "1.2.3.4"
I use Apache server locally.
How can I make things work at localhost also?
What address are you using to access your local Apache server? If you're addressing it as localhost then you're probably not going all the way out of your machine via the network and back in again. This means that, as far as your local Apache server sees you, you're coming from a loopback address.
Try putting 127.0.0.1 in instead of your external IP, and see if that works.
Try looking into your local server's access logs: does your local server see 1.2.3.4 when you are accessing the file from the computer that should be allowed? You may see a different IP address (due to NATs and whatnot).