Deny certain IPs - Apache

I need to deny certain IPs all access, but I can't see anything being denied.
I put this code in my ssl.conf, inside the VirtualHost tag:
<LocationMatch "/.*">
Order Allow,Deny
Allow from all
SetEnvif X-Forwarded-For "93\.176\.144\.153" DenyAccess
SetEnvif X-Forwarded-For "139\.162\.206\.138" DenyAccess
Deny from env=DenyAccess
</LocationMatch>
Why does this configuration not run correctly?
Thanks in advance

Does this method not work, even in an .htaccess file?
Order Allow,Deny
Allow from all
Deny from 93.176.144.153 139.162.206.138

Related

How to block by ip with Apache

I am trying to set up an Apache restriction by IP.
I tested with my own IP, both by blocking myself and by accepting only another IP.
Apache was restarted; I really don't know what the problem could be.
I could access the page despite the restriction.
All the examples I found on the web are below:
<Location /home>
SetEnvIf X-Forwarded-For ^xxx\.xxx\.xxx\.xxx access
Order allow,deny
Satisfy Any
Allow from env=access
</Location>
<Location /home>
Order Deny,Allow
Deny from All
Allow from xxx.xxx.xxx.xxx
Deny from All
Satisfy Any
</Location>
<ProxyMatch "/home/*" >
Order Deny,Allow
Deny from all
Allow from xxx.xxx.xxx.xxx
</ProxyMatch>
<LocationMatch "/home">
Order Allow,Deny
Allow from all
SetEnvif X-Forwarded-For "xxx\.xxx\." DenyAccess
Deny from env=DenyAccess
</LocationMatch>
<Location "/home">
Order Allow,Deny
Allow from all
SetEnvIf X-Forwarded-For ^xxx\.xxx\. denyAccess
Deny from env=denyAccess
</Location>
<Location "/home">
SetEnvIf X-Forwarded-For ^xxx\.xxx\. access
Order allow,deny
Satisfy Any
Allow from env=access
</Location>
Thanks
You can do it via the Require not ip xxx.xxx.xxx.xxx directive.
Documentation here: https://httpd.apache.org/docs/2.4/howto/access.html
Apache 2.4 has a different structure, using Require:
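# <Files> matches file names, not URL paths, so /home needs <Location>
<Location "/home">
    # A negated Require is only valid inside <RequireAll>
    <RequireAll>
        Require all granted
        Require not ip xx.xx.xx.xx
    </RequireAll>
</Location>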
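A proxy-aware way to block the two addresses from the first question on Apache 2.4, as an added example that is not part of the original posts. X-Forwarded-For is a client-supplied header that may carry a comma-separated list, and an unanchored SetEnvIf pattern also matches substrings of longer values, so here the header is honoured only when the connection comes from a known reverse proxy. Assumptions: mod_remoteip is loaded, and 10.0.0.5 is a placeholder for the proxy's address.

```apache
# Added example; server or virtual-host context, Apache 2.4.
# 10.0.0.5 is a placeholder for your own reverse proxy or load balancer.

# Take the client address from X-Forwarded-For only when the TCP peer
# is the trusted proxy. Requests arriving from anywhere else keep their
# real peer address, so a forged header cannot change the decision.
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 10.0.0.5

<Location "/">
    <RequireAll>
        Require all granted
        # After mod_remoteip has run, "ip" is compared with the client
        # address recovered from the header, not with the proxy address.
        Require not ip 93.176.144.153
        Require not ip 139.162.206.138
    </RequireAll>
</Location>
```

Without a proxy in front of the server, drop the two RemoteIP lines; the Require rules then test the TCP peer address directly.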

What is the proper way to allow ipv6 (both single address and network) in htaccess?

See below what I tried so far for IPv6. It doesn't work. The part concerning IPv4 works fine.
<Files *.php>
Order Deny,Allow
Deny from all
allow from 170.158
allow from 2604:2000:69d4:a600:a894:449b:8749:7f4d
allow from 2604:2000:69d4:a600:0041:0e76:4563:5aaa
</Files>
Here is what I got. It does work with both IPv4 and IPv6; a remaining question is how to allow IPv6 with a range.
ErrorDocument 403 /403.html
RedirectMatch 403 ^/folder/.*$
SetEnvIf Remote_Addr "2804:388:d042:e9e7:c5f2:6aba:1ed2:38df" realremoteaddr
SetEnvIf Remote_Addr "2804:214:82c6:b526:71eb:85b2:5111:88de" realremoteaddr
SetEnvIf Remote_Addr "2804:214:82c6:b526:8c98:8e23:54ec:bd48" realremoteaddr
allow from env=realremoteaddr
#deny from 187.84.4.102
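For the open question about IPv6 ranges, an added example (not from the original posts) showing a single IPv6 host and a whole network in CIDR notation, in both the 2.4 and the 2.2-style syntax. The /64 prefix is an assumption, chosen because it covers both IPv6 hosts listed in the question.

```apache
# Added example. Use ONE of the two forms below, not both.

# Apache 2.4 (mod_authz_core + mod_authz_host):
<Files "*.php">
    # Several Require lines outside a container are ORed together,
    # and anything that matches none of them is refused.
    Require ip 170.158
    # Single IPv6 host
    Require ip 2604:2000:69d4:a600:a894:449b:8749:7f4d
    # Whole IPv6 network (assumed /64), prefix length after the slash
    Require ip 2604:2000:69d4:a600::/64
</Files>

# Apache 2.2-style syntax (mod_access_compat on 2.4):
# <Files "*.php">
#     Order Deny,Allow
#     Deny from all
#     Allow from 170.158
#     Allow from 2604:2000:69d4:a600::/64
# </Files>
```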

Why is this .htaccess rule blocking everyone?

The below seems to be blocking all visitors, yet if I comment out the specific IP the site loads for everyone.
It's added via security; however, it is blocking everyone out rather than just the specific IP targeted.
I have contacted our hosts and they claim it's nothing to do with them, but surely it's how they have their Apache configured?
SetEnvIF REMOTE_ADDR "^66\.249\.66\.217$" DenyAccess
SetEnvIF X-FORWARDED-FOR "^66\.249\.66\.217$" DenyAccess
SetEnvIF X-CLUSTER-CLIENT-IP "^66\.249\.66\.217$" DenyAccess
<IfModule mod_authz_core.c>
<RequireAll>
Require all granted
Require not env DenyAccess
Require not ip 66.249.66.217
</RequireAll>
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Allow from all
Deny from env=DenyAccess
Deny from 66.249.66.217
</IfModule>
The directives seem to work as is.
To debug this, I would first verify whether mod_authz_core is enabled or not.
Based on this, you may check which of the directives is causing the block, either the environment directive
Require not env DenyAccess
Deny from env=DenyAccess
or the ip directive
Require not ip 66.249.66.217
Deny from 66.249.66.217
If the environment is the culprit, check which of the variables is causing it by commenting them out one by one.
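One way to see which input triggers the block without commenting rules out one at a time, as an added example that is not part of the original answer: log every value the SetEnvIf lines inspect, plus the resulting variable, next to the response status. LogFormat and CustomLog are only valid in server or virtual-host context, so this assumes access to that configuration; the log file name and the format nickname are placeholders.

```apache
# Added example; server or virtual-host context (not .htaccess).
# Fields per request:
#   %a       client address as Apache sees it
#   %{c}a    address of the underlying TCP peer (a proxy, if one is in front)
#   xff/xcci the two forwarded-address headers tested by the rules
#   deny     value of DenyAccess, "-" when no SetEnvIf pattern matched
#   %>s      final status (403 when access was refused)
LogFormat "%a peer=%{c}a xff=\"%{X-Forwarded-For}i\" xcci=\"%{X-Cluster-Client-IP}i\" deny=%{DenyAccess}e %>s \"%r\"" denydebug
CustomLog "logs/deny_debug.log" denydebug
```

If every line shows the same address in `%a`, requests are arriving through a proxy and the rules are being evaluated against the proxy's address rather than the visitor's.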

Combine Apache commands in .htaccess

If I have two files I want to deny access to on an Apache server - is there a way of combining them instead of writing the same code twice (or more times for other files as well)?
<files wp-config.php>
order allow,deny
deny from all
</files>
<Files xmlrpc.php>
Order Deny,Allow
Deny from all
</Files>
For multiple files, use FilesMatch like this:
<filesMatch "wp-config(\.php)?|xmlrpc(\.php)?">
order allow,deny
deny from all
</filesMatch>
That will match wp-config.php or wp-config or xmlrpc.php or xmlrpc, with the extension or not.

.htaccess deny all --> directoryindex not working (deny all & whitelisting files)

I would like to deny access to all files and directories on the server but a few ones that I explicitly allow. How can I do that with .htaccess? Why does my approach not work? I am aware I will have to allow .css, .jpg etc.
DirectoryIndex index.html
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
<Files index.html>
order Allow,Deny
Allow from all
</Files>
Edit: the above .htaccess gives me a "Forbidden" error when I try to access index.html. Why?
Edit: this seems to do the trick. I hope there are no holes left:
#Disallow everything
<filesmatch "\.+">
Order Allow,Deny
Deny from all
</filesmatch>
#Allow index
<Files index.html>
order Allow,Deny
Allow from all
</Files>
#Allow peripheral files
<FilesMatch "\.(css|png|jpg|js|ico)$">
Order Allow,Deny
Allow from all
</FilesMatch>
The IP address 127.0.0.1 has access to your server and others don't.
This part:
<Files index.html>
order Allow,Deny
Allow from all
</Files>
sets access to index.html for all users, BUT remember that because you did not mention anything about other files, they have the default access attributes.
For example, the code below allows the files 01.jpeg or 01.html or anything ending with xml.
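# FilesMatch has no "!" negation; a negative lookahead selects every
# file name that does NOT end in 01.jpg/01.jpeg, 01.html or xml
<FilesMatch "^(?!.*(01\.jpe?g|01\.html|xml)$)">
order Allow,Deny
allow from 127.0.0.1
</FilesMatch>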