Here is my current apache2.conf
<Directory /var/www/>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1 ::1
Allow from localhost
Allow from 10
Satisfy Any
But I want allow access to a one file http://my_server_ip/handl.php What I should do?
I cannot get allow and deny directives to work from an htaccess file within any directory in my web root. I am at a loss as to where I should look to configure this. I have checked the obvious (authz modules are loaded, allow overrides is set to all) Any ideas? Here are my configuration details.
I have an Apache 2.2 server running on RHEL. Within this server I have an IP based VirtualHost that is configured like where myipaddr and myserver are the actual IP address and host name respectively:
<VirtualHost myipaddr:80>
ServerName myserver
TransferLog /var/log/httpd/myserver.access
LogFormat loadbalanced
ErrorLog /var/log/httpd/myserver.error
DocumentRoot /var/www/myserver
<Directory /var/www/myserver>
Options -Indexes FollowSymLinks
AllowOverride All
</Directory>
</VirtualHost>
I have tried more complex directives but even a simple .htaccess file that should deny everything has no effect.
Order deny,allow
Deny from all
It turns out the was a configuration file in /etc/httpd/conf.d that I did not realize was getting loaded and it was trumping the denies and allows within specific directories.
<Location />
Order allow,deny
Allow from all
<LimitExcept GET POST PUT DELETE>
Deny from all
</LimitExcept>
</Location>
I have an apache2 server, serving a website from the following directory /var/www/
I'm trying restrict this website to all but 2 ip addresses
I've put the code below in the security file located on my linux
server directory:
etc/apache2/conf.d/security
<Directory /var/www/>
Order allow,deny
#Allow from IPADDRESS1
Allow from IPADRESS2
</Directory>
1) Why can I access the website from IPADDRESS1 when it's commented out?
2) Is this the section of the apache2 documentation that deals with this?
I think you need to specify to deny all other connections. I.E:
<Directory /var/www/>
Order allow,deny
#Allow from 192.168.1.4
Allow from 149.254
Deny from all
</Directory>
How to configure the virtual host in apache to let the users access those resources with certain file extensions only?
Eg. I want users have access to .jpg .png .html files only. How to configure that in the virtual host?
you can set the apache directories by allowing access for images folder and deny the access to the others
<virtualhost>
Documentroot /var/www
Alias /images /path/to/images
<Directory "path/to/images">
Options Indexes FollowSymLinks
AllowOverride None
Allow from all # allow access to images only
</Directory>
<Directory "path/to/apps">
Options Indexes FollowSymLinks
AllowOverride None
Deny from all
</Directory>
</virtualhost>
There are other questions similar to this but don't answer my problem.
This is the default httpd.conf:
<Directory "C:/wamp/www/">
Options Indexes FollowSymLinks
AllowOverride all
# onlineoffline tag - don't remove
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Directory>
and it allows only 127.0.0.1, but I want to allow also localhost and 192.168.x.x (my private ip).
Well, the other answers are: put Allow from all and uncomment in hosts file the line 127.0.0.1 localhost; but I read that is unsecure or not reccomended.
So I've tried this:
<Directory "C:/wamp/www/">
Options Indexes FollowSymLinks
AllowOverride all
# onlineoffline tag - don't remove
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from 192.168.x.x
Allow from localhost
</Directory>
It works for 192.168.x.x, but not for localhost (gets error: 403 Forbidden, You don't have permission to access / on this server.)
1) How can make it works?
2) Maybe is required to uncomment in hosts file the line 127.0.0.1 localhost ?
3) Is it really more secure than Allow from all?
Lets keep it simple, try this
<Directory "C:/wamp/www/">
Options Indexes FollowSymLinks
AllowOverride all
Order Deny,Allow
Deny from all
Allow from 127.0.0.1 ::1 localhost 192.168
</Directory>
::1 is the IPV6 equivalent of 127.0.0.1
I would use the first 3 of the quartiles 192.168.0 ( assuming your third quartile is 0 )
Update your httpd.conf to this, and you will be able to get to localhost on WAMP.
<Directory "C:/wamp/www/">
Options Indexes FollowSymLinks
AllowOverride all
# onlineoffline tag - don't remove
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from 192.168.x.x
Allow from ::1
</Directory>
If you are using
Apache 2.4
then use:
<Directory "C:/wamp/www/">
Require all denied
Require ip 127.0.0.1
<If "%{HTTP_HOST} == 'localhost'">
Require all granted
</If>
</Directory>
1) I don't know if your Directory sintax is correct as I use ubuntu server, but I always put the lines that allow individual addresses before the "Deny from all" directive. However, in the apache documentation you can see examples where the directives are in the same order as in your code
Link
I alse specify the netmask, which in the case of individual IPs should be 255.255.255.255, more fine-grained subnet restriction.
I have always seen the words deny,allow in the first directive in lowercase, but as you are using Windows maybe it is not necessary. The code that I would use is:
order deny,allow
Allow from 127.0.0.1/255.255.255.255
Allow from 192.168.x.x/255.255.255.255
Allow from localhost/255.255.255.255
Deny from all
2) Yes, as you are denying every petition except those that come from the specified IPs
Related reference