I am using htaccess config for allow only my IP:
order deny,allow
deny from all
allow from MY.IP
How can I redirect on 403 to another domain, for example when 403 -> go to www.google.com.
You can't send a 403 and redirect (3xx) in the same request. You do one or the other.
To redirect when the requesting IP is not your own then you would need to use mod_rewrite instead of mod_authz... as you are doing. For example, at the top of your .htaccess file:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !=203.0.113.111
RewriteRule ^ https://example.com/ [R,L]
Where 203.0.113.111 is your IP address and the https://example.com/ is the URL you want to send all other users to.
However, sending a 403 Forbidden is probably the better response.
Related
htaccess. How can I allow access to admin`s url via ip? And disallow other ips.
For example, I want to allow acces to url site.com/admin only for few ips.
I use
<Directory /admin/>
Order deny, allow
deny from all
Allow from XXX.XXX.XXX.XXX
</Directory>
but get error 500.
You can use this condition. If request is not from your allowed IP you redirect to index.html
RewriteCond %{REMOTE_ADDR} !^XX.XX.XXX.XX
RewriteRule ^(.*)$ /index.html [R,L]
I'm setting up a development server on one of my subdomains. I'm controlling access to the site using the visitor's IP address. When I see a visitor that is not authorized, I want to 301 redirect them to the main website. I've got a temporary solution using the following .htaccess directive:
ErrorDocument 403 http://www.mymainsite.com/
But my understanding is that's a 302 redirect. I want to do a 301.
In looking for a solution I came across the following:
RewriteCond %{HTTP:Authorization} !=""
RewriteRule ^$ http://www.mymainsite.com [R=301,L]
It does not appear to be working, however. Just for reference, I'm blocking on IP, not a login, so this are my settings:
Order deny,allow
Deny from all
Allow from 12.2.120.233
Anyone know how to get this working as a 301?
Directory viewing would render 403 upon wrong ip:
order deny,allow
deny from all
allow from 111.222.333.444
Simple and clear, so lets move on...
then tried to gobble up some code to render 404 instead of 403:
order deny,allow
deny from all
allow from 111.222.333.444
RedirectMatch 404 ".*\/\..*"
And the above does not work, what have I missed?
SPECS
1. .htaccess is inside a subdir
2. file is executed by virtualhost
NB
And by rendering, I mean recieving headers vs visual trickery.
Mod_rewrite can solve your problem.
Add the following to your htaccess.
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !^1.2.3.5$
RewriteRule ^ - [R=404,L]
Replace 1.2.3.5 with your ip address.
I am looking to deny access to my /wp-admin/ folder to everyone but specific IP addresses. For everyone else, the page should serve a 404 error. Here's what I'm working with thus far:
# ALLOW USER BY IP
<Limit GET POST>
order deny,allow
deny from all
allow from 168.162.1.3
RedirectMatch 404 ".*"
</Limit>
I believe I'm close, but the problem is that a 404 error is not served, instead it creates a redirect loop. This would obviously be taxing on my server for no reason. So how then, can a simply serve a 404 error to everyone but these specific IP addresses and also deny them access to the repository?
Interesting idea. I'm curious as to why you're so keen on a 404 error as opposed to a 403! I guess you could be trying to mask WordPress but then you'll have to mask all the references to wp-content on the frontend too.
Anyway, let's get on with this. In order to do this, do this:
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !=8.8.8.8 [OR]
RewriteCond %{REMOTE_ADDR} !=127.0.0.1
RewriteRule ^wp-admin($|/) - [L,R=404]
Set 8.8.8.8 to your real IP Address. You can add additional OR conditions to whitelist other IPs the same way I did with localhost (127.0.0.1).
You will need to be using Apache 2.1.1 or above because we are using the R=404 flag.
I have nginx reverse proxying to apache and if I add "Deny from 111.111.111.111" to my htaccess it still allows them through as nginx doesn't forward the remote_addr ip of the visitor.
Is there a rule or something I can add to htaccess so if an the visitors ip address using "HTTP_X_REAL_IP" I can just redirect them to a static html page?
Something like this should work:
RewriteEngine On
RewriteCond %{HTTP:HTTP_X_REAL_IP} 111.111.111.111
RewriteRule (.*) - [F,L]
That rewrite rule will send them a 403 forbidden response without substituting another url. This should cause your default 403 error page to be shown.
You can specify your 403 error page using this:
ErrorDocument 403 /path-to-file
see: http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html#rewritecond and http://httpd.apache.org/docs/2.0/mod/core.html#errordocument for more info.