How to Allow From IP Address, Serve 404 Otherwise? - apache

I am looking to deny access to my /wp-admin/ folder to everyone but specific IP addresses. For everyone else, the page should serve a 404 error. Here's what I'm working with thus far:
# ALLOW USER BY IP
<Limit GET POST>
order deny,allow
deny from all
allow from 168.162.1.3
RedirectMatch 404 ".*"
</Limit>
I believe I'm close, but the problem is that a 404 error is not served, instead it creates a redirect loop. This would obviously be taxing on my server for no reason. So how then, can a simply serve a 404 error to everyone but these specific IP addresses and also deny them access to the repository?

Interesting idea. I'm curious as to why you're so keen on a 404 error as opposed to a 403! I guess you could be trying to mask WordPress but then you'll have to mask all the references to wp-content on the frontend too.
Anyway, let's get on with this. In order to do this, do this:
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !=8.8.8.8 [OR]
RewriteCond %{REMOTE_ADDR} !=127.0.0.1
RewriteRule ^wp-admin($|/) - [L,R=404]
Set 8.8.8.8 to your real IP Address. You can add additional OR conditions to whitelist other IPs the same way I did with localhost (127.0.0.1).
You will need to be using Apache 2.1.1 or above because we are using the R=404 flag.

Related

How to 301 redirect when a user's IP address is not authorized?

I'm setting up a development server on one of my subdomains. I'm controlling access to the site using the visitor's IP address. When I see a visitor that is not authorized, I want to 301 redirect them to the main website. I've got a temporary solution using the following .htaccess directive:
ErrorDocument 403 http://www.mymainsite.com/
But my understanding is that's a 302 redirect. I want to do a 301.
In looking for a solution I came across the following:
RewriteCond %{HTTP:Authorization} !=""
RewriteRule ^$ http://www.mymainsite.com [R=301,L]
It does not appear to be working, however. Just for reference, I'm blocking on IP, not a login, so this are my settings:
Order deny,allow
Deny from all
Allow from 12.2.120.233
Anyone know how to get this working as a 301?

HTACCESS, render 404 instead of 403 upon wrong ip

Directory viewing would render 403 upon wrong ip:
order deny,allow
deny from all
allow from 111.222.333.444
Simple and clear, so lets move on...
then tried to gobble up some code to render 404 instead of 403:
order deny,allow
deny from all
allow from 111.222.333.444
RedirectMatch 404 ".*\/\..*"
And the above does not work, what have I missed?
SPECS
1. .htaccess is inside a subdir
2. file is executed by virtualhost
NB
And by rendering, I mean recieving headers vs visual trickery.
Mod_rewrite can solve your problem.
Add the following to your htaccess.
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !^1.2.3.5$
RewriteRule ^ - [R=404,L]
Replace 1.2.3.5 with your ip address.

.htaccess block outside access on local server except for certain URL's

I currently have my local .htaccess on a MAMP server set up to block all incoming traffic from outside my local system;
<FilesMatch ".*">
Order deny,allow
Deny from all
Allow from 127.0.0.1
</FilesMatch>
This works fine but I then use API's like PayPal that require access to your site for IPN's. Is it possible to keep the restriction on the rest of the site and allow outside access only to specific urls like https://example.com/paypal_ipn?
I understand I can just switch the restriction off when using IPN's but that's not what I'm looking for. Many thanks.
You can use mod_rewrite based rules instead in your root .htaccess:
RewriteEngine On
RewriteCond %{THE_REQUEST} !/paypal_ipn [NC]
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1
RewriteRule ^ - [F]
This will block all requests that are not:
originating from localhost (127.0.0.1)
for /paypal_ipn

Block IP access to specific page only

I need to block access from a certain IP address to one page of a website only, not the entire website.
Here's what I have, but doesn't seem to be working (I switch out offending IP to mine and am still abel to access after refresh/cache dump etc)
<Files specificpage.php>
order deny,allow
deny from XX.XXX.XXX.XX
</Files>
Is there a better way of doing this or does anything jump out here?
thx
You can actually mod_rewrite rules for finer control here. Place this in your root .htaccess:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} =XX.XXX.XXX.XX
RewriteRule ^specificpage\.php$ - [F,NC]

access to apache2 website using domain name and not server's IP

as written in the title, I want to access to apache2 website using domain name only and not server's IP.
I would like to get a error 403 when trying to access the website with the server's IP.
How is it possible?
thanks
I managed, with help of this thread: https://serverfault.com/questions/511...uses-the-ip-ad
finally, I added this into /etc/apache2/sites-available/default.conf:
<Directory /var/www/>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^xx\.xx\.xx\.xx
RewriteRule ^(.*)$ - [F,L]
[...]
</Directory>
Now, I have a 403 error when typing directly my IP adress, and I can access my website only by typing the domain name.
thanks all.